B1. Automating Security in DevOps: Security in the Pipeline
Wednesday, June 5, 2019
11:15 AM - 12:15 PM
A big challenge facing organizations today is how to implement Security Controls into their continuous delivery pipelines. With the advent of DevOps, applications can be pushed to production multiple times a day – or even multiple times per hour – into a production environment. With this velocity, it can be difficult to apply security controls without adversely impacting the business. This session will cover how security departments can help the business understand the advantages of DevSecOps for securing applications while walking through the delivery lifecycle of a product from conception to deployment - identifying places where security tools were integrated in an automated way.
After completing this session, the learner will have a better understanding of:
- Understanding the drawbacks of different vulnerability scanners
- Continuous integration and development pipeline sequence concepts
DJ is a DevSecOps pioneer, creator of The DevSecOps Experiments, a DevSecOps Evangelist, and a Security Architect. He provides thought leadership to organizations adopting DevSecOps practices worldwide. DJ specializes in designing DevSecOps pipelines and automating security controls in DevOps environments. He is also an ethical hacker and performs significant R&D work in Moving Target Defense.
DJ has worked to streamline the development practices for many Fortune 100 organizations by focusing on culture, technique, the right technology, and the goals of the business. He is an international speaker, blogger, instructor and author in the DevSecOps community where he encourages organizations to deeply integrate a culture of security and trust into their core values and product development journey