Explore DevSecOps implementation strategies and lessons learned from Starbucks' efforts to securely develop, deploy, and support a unified commerce platform. Gain insights into security by design approaches, infrastructure as code for security policies, continuous audits, containerization, and integrating security checks into CI/CD pipelines. Learn about secure environment templates, automated validation, legacy application challenges, autonomy, collaboration, sensitive information management, procurement tools, container management, service security, key management, asset management, and fostering a security-conscious culture. Discover how to balance developer and security needs in a DevOps world through this comprehensive conference talk by Scott Schwan and Matt Wells at Philly ETE 2017.
DevSecOps: Lessons Learned from Inserting Security into a DevOps World
Overview
Syllabus
Introduction
DevSecOps
Security by Design
Secure Environment Templates
Automate Validation
WHAP
Containers
Questions
Legacy Applications
Autonomy
Collaboration
Managing Sensitive Information
Procurement Tools
Managing Churn
Container Management
Service Security
Contracts Agreements
Key Management
Asset Management
Culture
Developer vs Security
Taught by
ChariotSolutions
