Agile + DevOps Virtual 2020 - DevSecOps Summit Session | TechWell

Conference archive

Agile + DevOps Virtual 2020 - DevSecOps Summit Sessions

Wednesday, November 18

DJ Schleen
Rally | United Healthcare

Blameless Retrospectives in DevSecOps at Global Healthcare Giants

Wednesday, November 18, 2020 - 1:00pm to 1:45pm

Implementing a scalable DevOps program can seem like an impossible task at times. Add security into the mix and the challenge can appear insurmountable. Organizations around the world have come to realize the potential business impacts of adopting DevSecOps and how it can enable engineers to deliver more value to the market faster. While the prospect of transformation seems alluring, a great number of organizations are still unsure of where to start, what’s involved, how much it will cost and how to achieve success. Discussing our triumphs and tragedies not only bring clarity, but champion...

Judy Johnson
Onyx Point

The Science of Compliance - Early Code to Secure Your Node

Wednesday, November 18, 2020 - 1:45pm to 2:30pm

We all know that the earlier in the software development process, you start testing, the more money and time you save in the long run. This is the case not only with the coding process, but also with securing your systems. In this talk, we’ll talk about the difference between compliance and security, and how adding compliance is a measurable and repeatable way to make code more secure. We will discuss tools and methodologies for integrating compliance and inserting compliance checking at various places in the development process, starting with a compliant infrastructure, and continuing...


Usability vs. Security: Having Your Cake and Eating It Too

Wednesday, November 18, 2020 - 2:45pm to 3:30pm

In today’s rapidly changing marketplace, the usability of software is paramount to its adoption and success. However, we also recognize the need for solutions to have resiliency and security. How do you successfully navigate the tradeoffs between usability and security? Simple… you don’t! Instead of choosing one or the other, reject the false tradeoff and instead find ways to embrace both security and usability in your DevSecOps processes. Join Peter Hesse as he discusses strategies for getting security and user experience teams to work closely together, enabling the creation of better...


A Modern Approach to Managing and Securing Your Open Source Dependencies

Wednesday, November 18, 2020 - 3:30pm to 4:15pm

Ninety-two percent of applications contain open source components. Without careful maintenance, organizations open themselves up to exploits from malicious actors. Known vulnerabilities in an open source library can increase risk of compromise despite a development team’s best efforts and intentions. Relying on scanning tools to point out potential issues is not enough if you don’t also have a strategy in place to ensure those issues can be resolved. In this talk we’ll share a modern approach DevSecOps teams can use to better manage and secure their open source dependencies, ensuring...

Thursday, November 19

Alyssa Miller
Snyk, Ltd.

So Happy Together: Making the Promise of DevSecOps a Reality

Thursday, November 19, 2020 - 1:00pm to 1:45pm

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application...

Rich Mills

DevSecOps: Essential Pipeline Tooling To Enable Continuous Security

Thursday, November 19, 2020 - 1:45pm to 2:30pm

As we embrace DevOps to optimize our Agility, we need to move away from slow, manually intensive processes into more of a continuous flow of software into production. Whether we are doing true "Continuous Deployment" straight to production or not, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). What we need is the visibility to know that our code is secure enough to pass muster every day. What we need is continuous security.

The DevSecOps movement is...

Security Journey

DevSecOps Culture: Laughing Through the Failures

Thursday, November 19, 2020 - 2:45pm to 3:30pm

Rolling out DevOps + Security has its series of pitfalls. In this talk, we’ll explore real-world challenges, sprinkling in a bit of humor on behalf of the Internet, and work out the solutions to how to avoid these pain points using security culture. Examples include individuals with a non-collaborative mindset (not playing nice), security tools that provide zero value in the pipeline, old school thinking concerning requirements, the inability to perform threat modeling at DevOps speed, and many more. You’ll experience what can go wrong, to expose how to do things right.


Go Beyond DevSecOps to Continuous Security

Thursday, November 19, 2020 - 3:30pm to 4:15pm

Continuous. If you have been around DevOps for any length of time then you have heard this term. As in Continuous Integration, Continuous Build, Continuous Deployment, Continuous Delivery, Continuous Testing, Continuous Planning among others. Now we are living in a time when personal and data privacy matters more than ever, and so one "Continuous" is rising to the forefront: Continuous Security.

But what really IS Continuous Security? Is it simply a notion of running scans and tests as part of a pipeline and reporting vulnerabilities? We think it is much more then that. For years...