Organizations are moving to DevOps to build and deploy software more rapidly. But as they break down organizational silos to bring together testing, development, and operations, they often avoid or exclude security in their transformational efforts. Leaders in highly regulated organizations are often left wondering, where does my traditional security organization fit into this new DevOps world? How do I know that my applications are becoming more secure, while still getting the advantages of rapid, incremental deployment? Alan Crouch will talk about his experiences with financial, health, and government clients adopting DevSecOps practices to address these challenges. He’ll outline the essential characteristics that make up a strong DevSecOps pipeline and what practical changes you can adopt now. Then, he will describe how quality gates and security testing can be used to shift security left. Lastly, Alan will review common pitfalls he has encountered along the way. You will leave with an understanding of how to reduce software risk and increase visibility into the security of your applications by adopting DevSecOps practices.
Video: https://youtu.be/F6SvmfY_g9Y