Agile + DevOps East 2022 Concurrent Session: DevSecOps in Practice, What Can and Can’t be Automated

Thursday, November 10, 2022 - 10:00am to 11:00am

DevSecOps in Practice, What Can and Can’t be Automated

Application Security is a critical part of DevSecOps that isn’t well represented in many projects. This talk will explain how to factor application security into short feedback cycles so that teams aren’t overwhelmed by application security issues or practices at the end of a release or at any time. One of the challenges we have in using Application Security practices is knowing where to start and how to get value. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious. What should you do if you aren’t involved with AppSec and still want to get started using AppSec practices? By adding steps to your daily practices and build pipeline, you can iteratively add AppSec practices to your process and increase the security of your software. Join Tom as he lays out a plan for AppSec: where to start, how to achieve success, and how to build on it. We will also talk about what to do next, how you should introduce AppSec in your development process, and where AppSec should go in your build pipeline. Finally, we will discuss what can be accomplished with tools and what still needs to be done by a person.

Tom Stiehm
Coveros

Tom Stiehm has been developing applications and managing software development teams for over twenty years. As CTO of Coveros, he is responsible for the oversight of all technical projects and integrating new technologies and testing practices into software development projects. Recently, Tom has been focusing on how to incorporate DevSecOps and agile best practices into projects and how to achieve a balance between team productivity and cost while mitigating project risks. One of the best risk mitigation techniques Tom has found is leveraging DevSecOps and agile testing practices in all aspects of projects. Previously, as a managing architect at Digital Focus, Thomas was involved in agile development and found that agile is the only methodology that makes the business reality of constant change central to the process.