Overview
Explore how a leading financial software provider extended DevOps principles to prepare for ISO27001 security certification in this NDC Security 2023 conference talk. Learn about Stacc's journey to align multiple companies, teams, and tech stacks with a common security standard. Discover how DevOps practices helped avoid a "one-platform-to-rule-them-all" approach, the lessons learned along the way, and ongoing challenges. Gain insights into merging security, regulations, and compliance with DevOps culture, addressing software supply chain risks, insider threats, and qualification processes. Understand the impact of audits, software development lifecycle adjustments, and the balance between smart developers and compliance requirements. Walk away with key takeaways on successfully integrating security practices into existing DevOps workflows.
Syllabus
Introduction
About Stacc
About Mike Long
How can we merge these two worlds
Knight Capital
Audits
Knight Capital Report
Software Process
Software development culture
Smart developers
Compliance and security
Provenance
Mitigation
Software Supply Chain
Insider Threat
Qualification
Work stuff gets delayed
Back to the story
Another security control
Software development lifecycle
Back to Stacc
Key takeaways
Taught by
NDC Conferences