Overview
Explore the critical role of security in DevOps through this insightful 47-minute conference talk from APPSEC Cali 2018. Delve into the evolution of security practices from pre-DevOps to post-DevOps environments, examining how leading companies leverage security as a strategic business driver. Analyze the underlying motivations behind major security initiatives, including Microsoft's Trustworthy Computing memo. Learn how to simplify complex security frameworks and implement practical security concepts in DevOps using a modified version of the NIST Cybersecurity Framework. Gain valuable insights from Caroline Wong, Vice President of Security Strategy at Cobalt, on aligning security practices with business objectives in the fast-paced world of DevOps.
Syllabus
Introduction
eBay Security
Zynga Security
Audience Demographics
Agenda
Why DevOps
DevOps research
DevOps adoption
The role of security
The role of security 10 years ago
Why does security matter
Vendor cloud ecosystem
Tech Beacon article
Amazon
Netflix
Target
Walmart
Nordstrom
Negative Press
Compliance
Trustworthy Computing
Application Security is Born
Besom
ISO 2703
Cloud Security Alliance
Security for DevOps
Improving Critical Infrastructure Security
Five Pillars of Security
Identify Bugs
Sharing Threat Intelligence
Key takeaways
Taught by
OWASP Foundation