Loading…
Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Book Now 
*discount rates expire August 19, 2019
Thursday, September 12 • 11:30am - 12:15pm
DevSecOps: Essential Pipeline Tooling to Enable Continuous Security

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
As we embrace DevOps to optimize our Agility, we start pushing working code toward production releases more frequently. Gone are the days where we can have a disjoint, mysterious security team that works down the hall or on some other floor. Whether we are doing true "Continuous Deployment" straight to production or not, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). What we need is a way to know that our code is secure enough to pass muster every day. What we need is confidence that our software can continue to defend itself. What we need is continuous security.

The DevSecOps movement is about exactly that: shifting security assessment left and integrating it into the daily and sprint-ly cycles that DevOps has made popular. It means finding those touchpoints in our continuous integration/continuous delivery (CI/CD) pipeline where security tools can be inserted and run continuously against the software changes as they are made. It means using static code analysis, dynamic security testing, secure composition analysis of third party components, and platform vulnerability scanning to look at all aspects of security every day. It means breaking builds and rejecting changes when developers introduce new security vulnerabilities.

In this talk, I present my successes and challenges with integrating security into DevOps pipelines to provide continuous assessment of security posture. I focus on my latest experiences building delivery pipelines for a containerized microservice-based project where we integrated a broad set of open source and commercial tools to gather and present security data.

Speakers
avatar for Richard Mills

Richard Mills

DevOps Solution Architect, Coveros, Inc.
Richard Mills has more than 25 years of experience in software engineering with a concentration on pragmatic software process and tools. Rich has a specific focus in Agile development methods and is passionate about DevOps, Continuous Integration, and Continuous Delivery. As a DevOps... Read More →


Thursday September 12, 2019 11:30am - 12:15pm
Lincoln 5