Agile + DevOps West 2019 Tutorial: Tools for DevSecOps

Conference archive


Tuesday, June 4, 2019 - 8:30am to 12:00pm

Tools for DevSecOps

Add to calendar

DevOps is about creating alignment across the value stream for an application, service, or product. DevSecOps integrates security into this process, making the entire team responsible for delivering secure code that works and can be deployed and used securely. But how do you actually do that? What tools do you add to your DevOps pipeline to help make your software secure and provide your stakeholders with a high level of confidence that the software meets all security requirements & standards? In this tutorial Tom Stiehm will explore what security tools you can add to your DevOps pipeline and how to leverage those tools during delivery to achieve a high level of confidence in the security of your software. Real world examples will be discussed with a demonstration of an actual running automated DevOps pipeline that incorporates security tools. Discover how the output of security tools can provide valuable feedback to your team for improving the security of your software. Learn how, when, and where to place various types of security tools into your pipeline and use them effectively. In today's connected world it is important to use everything you can to make sure your software does not land you on the cover of the Wall Street Journal because of a massive breach in security.

Tom Stiehm
Coveros, Inc.

Tom Steihm has been developing applications and managing software development teams for over twenty years. As CTO of Coveros, he is responsible for the oversight of all technical projects and integrating new technologies and testing practices into software development projects. Recently he has been focusing on how to incorporate DevSecOps and agile best practices into projects and how to achieve a balance between team productivity and cost while mitigating project risks. One of the best risk mitigation techniques Tom has found is leveraging DevSecOps and agile testing practices into all aspects of projects. Previously, as a managing architect at Digital Focus, Tom was involved in agile development and found that agile is the only methodology that makes the business reality of constant change central to the process.