Agile + DevOps East 2020 Concurrent Session: DevSecOps for Managers, Executives, and Mere Mortals



Wednesday, November 11, 2020 - 1:15pm to 2:15pm

DevSecOps for Managers, Executives, and Mere Mortals

DevSecOps isn’t meant for just Gods and Unicorns; it is for mere mortals as well. One of the challenges in adopting Application Security practices is knowing where to start, how to get value (i.e., be successful with initial efforts), and how to build on that success. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious. By simply adding steps to your pipeline, you can iteratively add AppSec practices to your process and dramatically increase the security of your software. Join Tom as he lays out a plan for starting with AppSec, including where to start, how to achieve success, and how to build on it. We will also talk about what to do after achieving initial success, where you should introduce AppSec in your development process, and where AppSec should go in your build pipeline. Finally, we will discuss what still needs to be done by a person and what skills they will need. The time is past for Application Security to be an afterthought that can be bolted on after the software has been written. Step into the new networked world of software where security is integral to how people will view your product. Strong application security has become table stakes for software.

Coveros, Inc.

Tom Stiehm has been developing applications and managing software development teams for over twenty years. As CTO of Coveros, he is responsible for the oversight of all technical projects and for integrating new technologies and testing practices into software development projects. Recently, Tom has been focusing on how to incorporate DevSecOps and agile best practices into projects and how to achieve a balance between team productivity and cost while mitigating project risks. One of the best risk mitigation techniques Tom has found is incorporating DevSecOps and agile testing practices into all aspects of projects. Previously, as a managing architect at Digital Focus, Thomas was involved in agile development and found that agile is the only methodology that makes the business reality of constant change central to the process.