Earlier this year I was asked to prepare a presentation for SecureGuild 2019 – an online conference focused on application security.
I decided to take it a bit further: instead of talking just about appsec, I showed up with a presentation about DevSecOps and my real-life experience with it. I felt there still wasn’t enough content released for the community to learn from individual cases.
The main theme of my talk was how to achieve a successful DevSecOps evolution through realistic expectations and company-wide transparency, and here is how I summarized the talk:
Although most companies are somewhere in the middle and it’s hard to really determine the factors that allow them to effectively manage their security operations, there is a lot we can learn by studying the stories of companies that thrive on DevSecOps and those that really struggle to make it work. In my experience, the biggest reason for companies failing to succeed with DevSecOps is that instead of embracing it, they engage in the project with deep resistance because they know they haven’t really done their homework and aren’t prepared enough to comprehend the big-picture perspective. During my presentation, I want to share with you my observations from over 5 years spent in the trenches, which should prove helpful if your goal is to build a DevSecOps roadmap that focuses on practicality and positive long-term influence at your organization.
The video was originally published in May 2019, and I received confirmation from the organizer that I can release it to the community in December, so here we go!
I hope that my research and experience help the community a bit. Curious to hear your stories on the experiences you’ve had with DevSecOps and DevSecOps-wannabe organizations.
All the best,