Enhancing Security in Software Development: A DevSecOps Approach By Jim Routh, Micheal W. Reese, Matthew Rosenquist and Pritha Aash

The discussion centers on the inadequacies of identity access management (IAM) practices in software development within a cloud-first model across various enterprises. It highlights the necessity of incorporating security measures early in the software development life cycle (SDLC) to ensure robust and secure platforms.



Here is the verbatim discussion:

Support that premise at all um what I would say is that identity access management practice in software development in a cloud first model across every single Enterprise sucks right it's inadequate insufficient not enough uh and that's every Enterprise and so we all have every Enterprise has to step up and deal with that challenge and that's not necessarily unique to solar winds yeah Michael your thoughts yeah we see that across the board right um and I know Jim used the word Dev off I'm getting away from devop it's Dev SEC off you have to include security when you start building that product you've got to understand what that flow of data is so if something happens you're right there um so yeah I think that's the first thing we need to do is make sure SDC that software development life cycle we know what's going on with there and we're building a software platform that's going to work and it's going to be secure but that starts at the beginning it starts at the beginning of that Dev de off I totally agree with Jim yeah um I'm in line with you guys thank you so much to the speakers extremely grateful and honored to have you in this discussion and to all the audience we were full today there were people who weren't able to join us us so that is great it was in a very exciting session and I think it was houseful till almost the end and now we'll wrap and hope to see you all in another very interesting session the next one which we'll plan soon thank you so much Jim Michael Matthew extremely grateful for joining us today have a good morning.




IAM Challenges Across Enterprises:

  • Identity access management practices are found lacking in numerous enterprises, not just SolarWinds.
  • The consensus among the speakers is that IAM implementation is insufficient and needs improvement across the board.

Incorporating Security in SDLC:

  • The speakers advocate for a shift towards a DevSecOps approach, where security is integrated into the development process from the outset.
  • Understanding the flow of data and ensuring security measures are in place early on can mitigate risks and enhance platform security.

Collaborative Efforts for Improvement:

  • All speakers concur on the importance of prioritizing security in software development.
  • They emphasize the need for collective efforts across enterprises to address IAM challenges and improve security practices.


The discussion concludes with gratitude towards the speakers and the audience for their participation. It acknowledges the importance of the session in raising awareness about cybersecurity challenges and advocating for proactive measures to enhance platform security. The speakers' insights underscore the imperative for enterprises to prioritize security in their software development processes, emphasizing the adoption of a DevSecOps approach to mitigate risks effectively.



Jim Routh a board member, advisor and investor with specific expertise as a transformational security leader focused on applying risk management discipline to a converged security function for global enterprises to achieve enterprise resilience. Demonstrated track record of designing security control using innovation and data science to align senior executives to deliver world-class level security capabilities to drive positive business results in a digital world.



Micheal W. Reese Over 30 years’ experience in Information Technology serving in senior executive positions encompassing security, general operations management, project management, process change and development, business development as well as service and product management functions. A Cybersecurity Specialist, licensed as a Computer Forensics Investigator, Certified Information Systems Security Professional, Hacking Forensic Investigator and Fire and Explosion Investigator . Assisted both the DOJ and FBI on several matters, worked with High Tech Crime Units in Portland and Sacramento. Given expert witness testimony in hearings, depositions and at trial.




Matthew Rosenquist is a seasoned cybersecurity strategist and Chief Information Security Officer (CISO) with over three decades of experience. With a remarkable career at Intel Corporation spanning 24 years, he spearheaded key security initiatives, including establishing Intel's first Security Operations Center and leading cyber crisis response teams. As an influential figure in the industry, he currently serves as the CISO for Eclipz and advises numerous organizations worldwide on cybersecurity, emerging threats, privacy, and regulatory compliance. With a unique ability to bridge technical expertise with business acumen, Matthew is renowned for developing effective security strategies and enabling organizations to navigate complex cyber risks while optimizing security, privacy, and governance.




Pritha Aash managing parts of content strategy and marketing in a startup called FireCompass. The team has built things first time in the world and i'm overexcited to be part of it. I decided to share some of it and more. I'm an Information Technology Engineer. Prior to that I did my schooling from Sri Aurobindo, Loreto House, Loreto Convent Entally, Kolkata. I like to volunteer in interest groups, communities to help the world we live in be a better place. Currently volunteer at WWF, Khan Academy, SaveTrees.




E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)



CISO Breakfast at BlackHat Las Vegas 2024!

  • Description:

    We are thrilled to invite you to the CISO Breakfast at BlackHat 2024. 

    CISOPlatform is a community partner for the event which is co-hosted by Silicon Valley Bank, Stage One, First Rays Venture Partners, Latham & Watkins.


    Event Details: 

    • Date: Thursday, August 8th,…
  • Created by: pritha
  • Tags: blackhat usa, las vegas, ciso breakfast, usa