Social Network For CISO (Chief Information Security Officers)
DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. DevSecOps is beyond the automatizing security testing and there are common misconceptions and roadblocks on how you can establish it successfully.
1: Identify key principles of DevSecOps and see how it relates to DevOps principles.
2: Analyze common pitfalls and see where integration security takes part in DevSecOps.
3: Demonstrate how to do “Continuous Security” by using a lifecycle approach.
Speaker: Hasan Yasar
Hasan Yasar is the Technical Manager of the Secure Lifecycle Solutions group in the CERT Division of the Software Engineering Institute, CMU. Yasar leads an engineering group tasked on developing prototype solutions with DevSecOps. He specializes in secure software solutions design and development in the cybersecurity domain including digital investigation, incident management and large-scale malware analysis. He is also Adjunct Faculty in CMU Heinz Collage and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.