How to fit Sec into DevOps without Security team
DevOps teams have become a crucial element of software development business and practices across all companies. If you can't save time and avoid unnecessary resource spending by leveraging automation in the development cycle, you will definitely lose the time-to-market race to your competitor. When the entire workflow and the DevOps tools are working at full capacity, along comes… Security… which causes struggles and sometimes slows things down, doesn't it? However, a centralized, dedicated Security team, let alone one with specific knowledge of (and bandwidth for) the Secure Development Lifecycle (SDL) and DevSecOps, can be an unacceptable luxury for some small or medium companies. On the other hand, it can be hard for DevOps engineers to learn all the specifics of vulnerability handling, Security tools and process features needed to establish the baseline: delivering the most robust and secure products we can. Based on my own and industry-leading experience, I will explain how a DevOps team can implement cheap and useful tools and automation practices to address 80% of the Security concerns related to the development pipeline.
- Where vulnerabilities come from, in plain “development” English.
- From which point Sec starts within DevOps.
- Sec tools inside and beyond regular DevOps toolkits.
- Sec difficulties in DevOps: how to avoid pitfalls.
- DevOps success stories and business wins, thanks to Sec.
Target audience: non-security folks – DevOps engineers, Developers, QA engineers.
Roman is a practicing cybersecurity expert (10+ years). Security Development Lifecycle (SDL): launching and implementation; brought products and services to market; managed complex security projects; advised customers on cyber security strategy, business development and the value of products. Current role: managing Product Security programs at Intel; recognized as a blue belt in Security.