Roadmap to DevSecOps Adoption with OWASP Bay Area

Oct 19, 2023 at 6:45 PM

DevSecOps talk
Roadmap to DevSecOps Adoption with Case Studies: 45-Minute Talk

Event Details:

  • Date: Oct 19, 2023

  • Time: Thursday, Oct 19, 6:45pm to 7:30pm PDT

  • Duration: 45 mins

  • Location: Semgrep Office

  • Format: Interactive talk

  • Drinks and food provided at the venue: Yes

Introduction (5 minutes)

  • A brief overview of traditional DevOps.

  • The rising need for security: Introducing DevSecOps.

  • The benefits of integrating security into the CI/CD pipeline.

Key Principles of DevSecOps (5 minutes)

  • DevSecOps vs. traditional security models.

  • The continuous nature of DevSecOps: Continuous Integration, Continuous Delivery, Continuous Security.

  • "Shift Left" philosophy: Implementing security in the early stages.

  • Automation: Making security checks automated and integral to the pipeline.

  • Collaboration: Breaking silos between Dev, Ops, and Security teams.

Starting the Journey - Cultural Shift (5 minutes)

  • Building a collaborative culture: Communication and training.

  • Security as everyone's responsibility.

Setting up Your Toolchain (15 minutes)

  • Identifying the right tools for:

    • Static Application Security Testing (SAST)

    • Dynamic Application Security Testing (DAST)

    • Interactive Application Security Testing (IAST)

  • Integrating these tools into the CI/CD pipeline.

  • Continuous monitoring and real-time feedback loops.

Key Challenges in DevSecOps Adoption (10 minutes)

  • Resistance to change.

  • Addressing false positives in automated security checks.

  • Balancing speed with security.

  • Continuous training and staying updated with evolving threats.
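The toolchain section above lists integrating SAST/DAST/IAST results into the pipeline, and the challenges section lists false positives as a blocker. The following is an added example, not code from the talk, from Akto or from Semgrep: a minimal pipeline gate that reads scanner findings, applies a reviewed triage file of suppressed findings (each with an expiry date so suppressions get revisited), and fails the build when any un-suppressed finding is at or above a severity threshold. The JSON shape of the scanner output, the triage file format, and the sample findings are all constructed for this example and do not match any particular tool's format.

```python
"""Added example: CI security gate that fails the build on un-triaged findings.

The scanner output format and triage file format below are assumptions made
for this example, not the output of Semgrep, Akto or any other real tool.
"""
import json
import sys
from dataclasses import dataclass
from datetime import date
from typing import Optional

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    path: str
    line: int
    severity: str
    fingerprint: str  # stable id the scanner derives from rule + file + matched code


# Constructed sample scanner output (hypothetical JSON shape).
SAMPLE_SCAN_JSON = json.dumps({
    "results": [
        {"check_id": "sqli.string-format", "path": "app/db.py", "start": {"line": 42},
         "severity": "HIGH", "fingerprint": "a1f3"},
        {"check_id": "crypto.weak-hash-md5", "path": "app/legacy.py", "start": {"line": 7},
         "severity": "MEDIUM", "fingerprint": "b2e4"},
        {"check_id": "xss.reflected", "path": "app/views.py", "start": {"line": 88},
         "severity": "HIGH", "fingerprint": "c3d5"},
        {"check_id": "secrets.hardcoded", "path": "tests/fixtures.py", "start": {"line": 3},
         "severity": "CRITICAL", "fingerprint": "d4c6"},
    ]
})

# Constructed triage file: findings a human reviewed and accepted, keyed by
# fingerprint, each with an expiry so suppressions are revisited rather than
# piling up silently. The second entry has already expired.
SAMPLE_TRIAGE = {
    "c3d5": {"reason": "output is HTML-escaped by the template layer", "expires": "2099-01-01"},
    "d4c6": {"reason": "test fixture credential, never used outside CI", "expires": "2023-01-01"},
}


def parse_findings(raw: str) -> list:
    """Parse the (hypothetical) scanner JSON into Finding records, rejecting unknown severities."""
    doc = json.loads(raw)
    findings = []
    for r in doc.get("results", []):
        sev = str(r.get("severity", "LOW")).upper()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} for rule {r.get('check_id')}")
        findings.append(Finding(r["check_id"], r["path"], int(r["start"]["line"]), sev, r["fingerprint"]))
    return findings


def is_suppressed(f: Finding, triage: dict, today: date) -> bool:
    """A finding is suppressed only if its fingerprint is triaged and the suppression has not expired."""
    entry = triage.get(f.fingerprint)
    if entry is None:
        return False
    return date.fromisoformat(entry["expires"]) >= today


def gate(findings, triage: dict, threshold: str = "HIGH", today: Optional[str] = None):
    """Return (passed, blocking): blocking holds un-suppressed findings at or above the threshold."""
    today_d = date.fromisoformat(today) if today else date.today()
    min_rank = SEVERITY_RANK[threshold.upper()]
    blocking = [f for f in findings
                if SEVERITY_RANK[f.severity] >= min_rank and not is_suppressed(f, triage, today_d)]
    return (not blocking), blocking


def report(blocking) -> str:
    """Render blocking findings, highest severity first, so the developer sees what to fix."""
    rows = sorted(blocking, key=lambda x: (-SEVERITY_RANK[x.severity], x.path, x.line))
    return "\n".join(f"{f.severity:8} {f.rule_id:24} {f.path}:{f.line}  (fingerprint {f.fingerprint})"
                     for f in rows)


if __name__ == "__main__":
    passed, blocking = gate(parse_findings(SAMPLE_SCAN_JSON), SAMPLE_TRIAGE, today="2023-10-19")
    print(report(blocking) or "no blocking findings")
    sys.exit(0 if passed else 1)  # non-zero exit is what makes the CI stage fail
```

Run against the constructed sample on 2023-10-19, the gate blocks the un-triaged HIGH SQL injection finding and the CRITICAL hard-coded secret whose suppression expired, while the MEDIUM finding sits below the threshold and the triaged XSS finding is skipped. Raising the threshold or tightening the expiry policy is a one-line change, which is the kind of knob teams tune while balancing speed with security.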

Best Practices (7 minutes)

  • Regularly updating and patching tools and systems.

  • Collaborative threat modeling.

  • Continuous feedback loop: Learning from security incidents.

  • Prioritizing security debt alongside other technical debt.

Measuring Success (3 minutes)

  • Key Performance Indicators (KPIs) for DevSecOps.

    • Reduced number of security incidents.

    • Faster incident response time.

    • Number of vulnerabilities detected and addressed in the early stages.

Speakers:

Ankita Gupta

CEO & Co-Founder at Akto

Ankush Jain

CTO & Co-Founder at Akto