Overview
Explore a comprehensive guide to the secure DevOps journey in this 25-minute conference talk from AppSec EU 2017. Gain insights from Peter Chestna, Director of Developer Engagement at Veracode, as he shares his experience leading Veracode's transition from Waterfall to DevOps. Learn about the fundamental differences between Waterfall, Agile, and DevOps methodologies from people, process, and technology perspectives. Discover key considerations for transitioning between these methodologies, including organizational structure changes, process modifications, and addressing technical debt. Acquire strategies for leading change within your own company and understand how to effectively integrate security into DevOps practices to minimize schedule risk and maintain high velocity. Delve into topics such as transformation in people, organization, culture, process, and technology, as well as the evolution of security practices across different methodologies.
Syllabus
Intro
Transformation - People/Org/Culture
Transformation - Process
Transformation - Technology
Waterfall - Process
Waterfall - Technology
Waterfall - Security
Missing the target with Waterfall
Hitting the target with Agile and DevOps
Agile - Process
Agile - Technology Initially
Agile - Security - Early Days
DevOps - Process
DevOps - People
DevOps - Technology - Aspirational
DevOps - Security - Integrated into C Pipeline
DevOps - Shift Left
This Is Our Journey
Taught by
OWASP Foundation