DevOps Is Automation, DevSecOps Is People presented at owaspapseccalifornia 2018

by Mike Shema,

Summary : Abstract: A lot of appsec boils down to DevOps ideals like feedback loops, automation, and flexibility to respond to situations quickly. DevOps has the principles to support security, it should have to knowledge and tools to apply it. Real-world appsec deals with constraints like time, budget, and resources. Navigating these trade-offs requires building skills in collaboration and informed decision-making. On the technology side, we have containers, top 10 lists, and tools. Whether we are focused on more efficient meetings or trying to driving change across an organization, we need equal attention on techniques that make the social aspects of security successful. We build automation with apps. We build relationships with people. This presentation explores methods for establishing incentives, encouraging participation, providing constructive feedback, and reaching goals as a team. It shows different ways to use metrics and communication to drive positive behaviors. These are important skills not only for managing teams, but for influencing appsec among peers and growing a career.Security is an integral part of DevOps. And, yes, it's made of people.