Explore effective strategies for fostering sustainable security practices in DevOps and Agile environments. Learn how to empower development teams to maintain long-term security through assessment, training, and coaching. Discover techniques for automation, agile risk management, and avoiding common pitfalls. Gain insights on selecting appropriate security elements, raising security champions, and implementing threat modeling. Understand the importance of balancing processes, measuring progress, and gradually transitioning responsibility to development teams. Master the art of teaching teams to "fish" for security rather than simply providing short-term solutions.
Teaching Sustainable Security in DevOps and Agile Environments - AppSecUSA 2018
Overview
Syllabus
Intro
About me
You help securing
What happened?
COACH WITH THE END IN MIND
Planning phase
Keep in touch
The security coach
Select your elements wisely
Make it visible
Get a headstart: Get & train security teams!
Raise your champions
Don't overdo it!
Threatmodelling
Next step: automate!
See how & when you can let go
NEVER FORGET!
Add too many processes & steps CAUSE OF DEATH
Let the developer dig for requirements
Forget to measure
Do SDLC/ automation all yourself
Do SDLC / automation all yourself
Making it complex
Chief Excuse Officer
Wanting to hold on
Recap
Taught by
OWASP Foundation
