Explore the human-centric approach to DevSecOps in this 48-minute conference talk from APPSEC Cali 2018. Delve into the critical role of people in integrating security into DevOps practices, moving beyond automation to focus on collaboration, communication, and relationship-building. Learn techniques for establishing incentives, encouraging participation, providing constructive feedback, and achieving team goals. Discover how to use metrics and communication effectively to drive positive behaviors in security implementation. Gain insights into managing constraints like time, budget, and resources while navigating trade-offs in real-world application security scenarios. Understand the importance of developing skills in informed decision-making and influencing peers to grow a successful career in AppSec. Through analogies to RPG concepts and exploration of cognitive biases, grasp the complexities of security integration in DevOps environments and the strategies to overcome them.
DevSecOps: Integrating People and Automation in Application Security
Overview
Syllabus
Intro
DevOps
Actual Problem Ignored
Fantasy Campaign Setting
CI/CD Pipeline
Communication
Risks
Empathy
Codes of Conduct
RPG Threat Models
RPG Interpersonal Skills
A Fiendish Folio
Monstrously Manual
Weary of Awareness
Meaningful Metrics
Improving Fix Verification
Unearthing Arcana
Manual of the Planes
Cognitive Biases
Mind Flayer
Tough 10(-ish) List
Continuous Integration
Continuous Deployment
Taught by
OWASP Foundation
