Agile + DevOps East 2018 Tutorial: Tools for DevSecOps

Conference archive

Monday, November 5, 2018 - 8:30am to 12:00pm

Tools for DevSecOps

Add to calendar

DevOps is about creating alignment across the value stream for an application, service, or product. DevSecOps integrates security into this process, making the entire team responsible for delivering secure code that works and can be deployed and used securely. But how do you actually do that? What tools do you add to your DevOps pipeline to help make your software secure and provide your stakeholders with a high level of confidence that the software meets all security requirements & standards? In this tutorial Tom Stiehm will explore what security tools you can add to your DevOps pipeline and how to leverage those tools during delivery to achieve a high level of confidence in the security of your software. Real world examples will be discussed with a demonstration of an actual running automated DevOps pipeline that incorporates security tools. Discover how the output of security tools can provide valuable feedback to your team for improving the security of your software. Learn how, when, and where to place various types of security tools into your pipeline and use them effectively. In today's connected world it is important to use everything you can to make sure your software does not land you on the cover of the Wall Street Journal because of a massive breach in security.


Tom Stiehm is a 20 year veteran of the Information Technology industry. He has spent the past 10 years managing, designing and implementing software products and applications using agile software development methods. Prior to Coveros, Tom held a variety of CTO and architect positions at software development companies. Tom is a member of the northern Virginia BEA users group and the northern Virginia Java users group. Tom holds a B.S. degree in Computer Science from George Mason University.