Roadmap to DevSecOps Adoption with OWASP Bay Area
Oct 19, 2023 at 6:45 PM
Roadmap to DevSecOps Adoption with Case Studies: 45-Minute Talk
Date: Oct 19, 2023
Time: Thursday, Oct 19, 6:45pm to 7:30pm PDT
Duration: 45 mins
Location: Semgrep Office
Format: Interactive talk
Drinks and Food provided at the venue: Yes
Introduction (5 minutes)
Brief on traditional DevOps.
The rising need for security: Introducing DevSecOps.
The benefits of integrating security into the CI/CD pipeline.
Key Principles of DevSecOps (5 minutes)
DevSecOps vs. traditional security models.
The continuous nature of DevSecOps: Continuous Integration, Continuous Delivery, Continuous Security.
"Shift Left" philosophy: Implementing security in the earliest stages of the development lifecycle (design and code review) rather than only before release.
Automation: Making security checks automated and integral to the pipeline.
Collaboration: Breaking silos between Dev, Ops, and Security teams.
Starting the Journey - Cultural Shift (5 minutes)
Building a collaborative culture: Communication and training.
Security as everyone's responsibility.
Setting up Your Toolchain (15 minutes)
Identifying the right tools for:
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Interactive Application Security Testing (IAST)
Integrating these tools into the CI/CD pipeline.
Continuous monitoring and real-time feedback loops.
Key Challenges in DevSecOps Adoption (10 minutes)
Resistance to change.
Addressing false positives in automated security checks.
Balancing speed with security.
Continuous training and staying updated with evolving threats.
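The two outline items "Integrating these tools into the CI/CD pipeline" and "Addressing false positives in automated security checks" share one mechanism in practice: a gate step that reads the SAST tool's output, drops findings a human has already triaged, and fails the build only on new findings above a severity threshold. The following is an added example written for this page; it is not code from the talk, from Semgrep or from Akto. The SARIF document, the rule ids, the `security-severity` values, the triage file layout and the 7.0 threshold are all constructed for illustration.

```python
"""Added example (not from the talk): a CI gate over SAST findings.

Reads SARIF output, suppresses findings already triaged as false positives
(by a stable fingerprint), and fails the pipeline only on new findings at or
above a severity threshold. All sample data is constructed."""
import hashlib
import json

# Constructed SARIF output, shaped like what a SAST tool writes in CI.
SAMPLE_SARIF = json.dumps({
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "python.sqli", "properties": {"security-severity": "8.0"}},
            {"id": "python.weak-hash", "properties": {"security-severity": "5.0"}},
            {"id": "style.unused-import", "properties": {"security-severity": "1.0"}},
        ]}},
        "results": [
            {"ruleId": "python.sqli", "level": "error",
             "message": {"text": "string-formatted SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
            {"ruleId": "python.weak-hash", "level": "warning",
             "message": {"text": "md5 used"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/cache.py"}, "region": {"startLine": 17}}}]},
            {"ruleId": "style.unused-import", "level": "note",
             "message": {"text": "unused import os"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/main.py"}, "region": {"startLine": 3}}}]},
        ],
    }]
})


def parse_sarif(text):
    """Flatten SARIF runs/results into plain finding records."""
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        severity_by_rule = {
            r["id"]: float(r.get("properties", {}).get("security-severity", 0.0))
            for r in rules
        }
        for res in run.get("results", []):
            loc = res["locations"][0]["physicalLocation"]
            findings.append({
                "rule": res["ruleId"],
                "path": loc["artifactLocation"]["uri"],
                "line": loc.get("region", {}).get("startLine", 0),
                "message": res["message"]["text"],
                "severity": severity_by_rule.get(res["ruleId"], 0.0),
            })
    return findings


def fingerprint(finding):
    """Stable identity for a finding across commits.

    The line number is deliberately left out: unrelated edits that shift
    code must not turn an already-triaged finding back into a 'new' one."""
    key = "{rule}|{path}|{message}".format(**finding)
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def gate(findings, triaged, threshold=7.0):
    """Split findings into blocking / suppressed / informational.

    Returns (exit_code, blocking, suppressed, informational); exit_code 1
    means the pipeline should fail."""
    blocking, suppressed, informational = [], [], []
    for f in findings:
        if fingerprint(f) in triaged:
            suppressed.append(f)          # reviewed and accepted by a human
        elif f["severity"] >= threshold:
            blocking.append(f)            # new and serious: fail the build
        else:
            informational.append(f)       # surface, but do not block
    return (1 if blocking else 0), blocking, suppressed, informational


FINDINGS = parse_sarif(SAMPLE_SARIF)

# Constructed triage file as it would be committed to the repo (in practice a
# triage command writes it); keyed by fingerprint with the accepted reason.
TRIAGED = {
    fingerprint(FINDINGS[1]): "md5 only hashes a cache key; accepted 2023-10",
}

if __name__ == "__main__":
    code, blocking, suppressed, info = gate(FINDINGS, TRIAGED)
    for f in blocking:
        print("BLOCK  {rule} {path}:{line} {message}".format(**f))
    for f in suppressed:
        print("TRIAGED {rule} {path}:{line} ({reason})".format(reason=TRIAGED[fingerprint(f)], **f))
    for f in info:
        print("INFO   {rule} {path}:{line} {message}".format(**f))
    raise SystemExit(code)
```

Run as the last step of the pipeline: the process exit code is what the CI system reads, so the SQL-injection finding fails the build, the triaged md5 finding is shown but not counted, and the style finding is reported without blocking. Lowering the threshold over time is how a team ratchets the gate tighter without a big-bang rollout.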
Best Practices (7 minutes)
Regularly updating and patching tools and systems.
Collaborative threat modeling.
Continuous feedback loop: Learning from security incidents.
Prioritizing security debt alongside other technical debt.
Measuring Success (3 minutes)
Key Performance Indicators (KPIs) for DevSecOps.
Reduced number of security incidents.
Faster incident response time.
Number of vulnerabilities detected and addressed in the early stages.
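The KPIs above only become useful once they are defined precisely: which lifecycle stages count as "early", whether time-to-remediate is reported as a mean or a median, and how an unresolved finding is treated. The following is an added example for this page, not material from the talk; the ledger records, the stage names, the SLA hours and the reporting date are all constructed assumptions.

```python
"""Added example (not from the talk): computing DevSecOps KPIs from a
constructed vulnerability ledger. Stage names, SLA hours and the
reporting date are assumptions for illustration."""
from datetime import datetime, timezone
from statistics import median

# Stages a finding can be discovered in; the first three count as "early".
EARLY_STAGES = {"design", "pr", "ci"}

# Assumed remediation SLA per severity, in hours.
SLA_HOURS = {"high": 72, "medium": 168, "low": 720}

# Constructed tracker export: one record per finding.
LEDGER = [
    {"id": "V-1", "severity": "high", "found_stage": "pr",
     "found": "2023-09-01T10:00:00Z", "fixed": "2023-09-01T15:30:00Z"},
    {"id": "V-2", "severity": "high", "found_stage": "production",
     "found": "2023-09-03T08:00:00Z", "fixed": "2023-09-10T08:00:00Z"},
    {"id": "V-3", "severity": "medium", "found_stage": "ci",
     "found": "2023-09-05T09:00:00Z", "fixed": "2023-09-06T09:00:00Z"},
    {"id": "V-4", "severity": "low", "found_stage": "staging",
     "found": "2023-09-07T12:00:00Z", "fixed": None},
    {"id": "V-5", "severity": "high", "found_stage": "design",
     "found": "2023-09-08T09:00:00Z", "fixed": "2023-09-08T11:00:00Z"},
]


def _ts(s):
    """Parse the ledger's UTC timestamps into aware datetimes."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def early_detection_rate(ledger):
    """Share of findings caught before staging/production."""
    return sum(1 for r in ledger if r["found_stage"] in EARLY_STAGES) / len(ledger)


def time_to_remediate_hours(ledger, severity=None):
    """Median and mean hours from discovery to fix, for closed findings only.

    Both are returned because a single late-stage finding (V-2 here) drags
    the mean far above what most fixes took; the median is the honest KPI."""
    hours = [
        (_ts(r["fixed"]) - _ts(r["found"])).total_seconds() / 3600
        for r in ledger
        if r["fixed"] and (severity is None or r["severity"] == severity)
    ]
    return {"median": median(hours), "mean": sum(hours) / len(hours), "n": len(hours)}


def open_past_sla(ledger, now, sla_hours=SLA_HOURS):
    """Ids of still-open findings older than their severity's SLA."""
    breached = []
    for r in ledger:
        if r["fixed"] is None:
            age_hours = (now - _ts(r["found"])).total_seconds() / 3600
            if age_hours > sla_hours[r["severity"]]:
                breached.append(r["id"])
    return breached


if __name__ == "__main__":
    report_date = _ts("2023-10-19T18:45:00Z")   # assumed reporting date
    print("early detection rate:", early_detection_rate(LEDGER))
    print("TTR all severities:", time_to_remediate_hours(LEDGER))
    print("TTR high:", time_to_remediate_hours(LEDGER, "high"))
    print("open past SLA:", open_past_sla(LEDGER, report_date))
```

With this ledger three of five findings were caught early (0.6), the median time to remediate a high-severity finding is 5.5 hours while the mean is 58.5 hours because of the one production finding, and V-4 is open past its SLA. Trend these per sprint rather than reporting a single snapshot.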
CEO & Co-Founder at Akto
CTO & Co-Founder at Akto