Agile + DevOps East 2019 Concurrent Session: Shifting Security Left: The Innovation of DevSecOps


Wednesday, November 6, 2019 - 3:00pm to 4:00pm

Shifting Security Left: The Innovation of DevSecOps

DevSecOps uses application security practices that have existed for a while. The innovation of DevSecOps is incorporating security into the daily workflow of the team rather than leaving it to the end, shifting security left by automating aspects of security testing. DevSecOps leverages DevOps practices to make application security a first-class citizen in the practices of modern software development. But that requires a culture change: DevSecOps starts before the code is even written, using techniques like threat modeling and risk analysis to figure out who will attack you and how. Come learn how to map application security practices into the build pipeline for a project in order to provide quick feedback about the security posture for any changes made to the software. Automation allows the team to move quickly while maintaining confidence in the code base; DevSecOps extends that health check to include application security checks. Tom Stiehm will show you how, when, and where practices should be incorporated into a build pipeline to get the most value out of your security practices through automation. You'll be ready to involve your cross-functional teams, including security professionals, from the beginning to create software through collaboration and fast feedback cycles.

Tom Stiehm
Coveros, Inc.

Tom Stiehm has been developing applications and managing software development teams for over twenty years. As CTO of Coveros, he is responsible for the oversight of all technical projects and integrating new technologies and testing practices into software development projects. Recently he has been focusing on how to incorporate DevSecOps and agile best practices into projects and how to achieve a balance between team productivity and cost while mitigating project risks. One of the best risk mitigation techniques Tom has found is incorporating DevSecOps and agile testing practices into all aspects of projects. Previously, as a managing architect at Digital Focus, Tom was involved in agile development and found that agile is the only methodology that makes the business reality of constant change central to the process.