A Practical Approach to Building Security In
The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to scan the application and give us the approval to release. Cross your fingers- let’s hope we get the green light! Otherwise, I don’t know what we are going to do. DevOps, and more importantly, DevSecOps, promises to do away with rolling the dice at the end and hoping we are allowed to release what we built. But how do we get to DevSecOps when we have a separate security sign-off, governance, regulations, and even corporate policies that say security gets the final word? How do we get from a classic security model to a DevOps-friendly process? Join Gene as he discusses practical steps for adding security to your existing development process. Attendees will learn tools and types of testing they can introduce to build security in from the beginning, eliminating the late surprises that the security team might find right before release.
Gene Gotimer is a proven senior software architect with many years of experience in web-based enterprise application design, most recently using Java. He is skilled in agile software development as well as legacy development methodologies and designing and developing secure, high-quality software. He has extensive experience establishing and using development ecosystems including continuous integration, continuous delivery, DevOps, unit testing, and a variety of software assurance tools and supporting processes. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each of them is dependent on the other two, which just makes agile and DevOps that much more crucial to software development.