Better Software West 2017 Concurrent Session - Integrate Security into DevOps | TechWell

Wednesday, June 7, 2017 - 1:30pm to 2:30pm

Integrate Security into DevOps

Software security often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road-blocking activity on a fast release cycle. Secure software developers must follow a number of guidelines that, while intended to satisfy regulations, can be very restrictive and difficult to understand. Hasan Yasar believes that the Secure DevOps movement combats this negative view by shifting the paradigm. Rather than blindly following required security practices and identified security controls, Secure DevOps developers learn how to think about making their applications more secure and better able to absorb attacks while continuing to function. This shift in thinking from a “prevent” to a “bend, don’t break” mind-set provides more flexibility when dealing with attacks. Join Hasan as he explores how to integrate secure coding into your DevOps process—with a focus on continuous integration, infrastructure as code, continuous deployment, and an automated integrated development platform.

Hasan Yasar
Software Engineering Institute

Hasan Yasar is the technical manager of the secure lifecycle solutions group at the Software Engineering Institute (SEI). Hasan leads an engineering group tasked with developing prototype solutions with associated DevOps processes while providing expertise and guidance to SEI's clients. He has more than twenty-five years’ experience as a senior security engineer, software architect, and manager in all phases of secure software development. Hasan specializes in secure software solutions design and development in the cyber security domain, including data-driven investigation and collaborative incident management, network security assessment, and automated large-scale malware analysis. He is an adjunct faculty member at CMU Heinz College and Institute of Software Research.