DevOps Is Automation, DevSecOps Is People

Mike Shema at AppSec California 2018

A lot of appsec boils down to DevOps ideals like feedback loops, automation, and flexibility to respond to situations quickly. DevOps has the principles to support security; it should have the knowledge and tools to apply it. Real-world appsec deals with constraints like time, budget, and resources. Navigating these trade-offs requires building skills in collaboration and informed decision-making. On the technology side, we have containers, top 10 lists, and tools. Whether we are focused on more efficient meetings or trying to drive change across an organization, we need equal attention on techniques that make the social aspects of security successful. We build automation with apps. We build relationships with people. This presentation explores methods for establishing incentives, encouraging participation, providing constructive feedback, and reaching goals as a team. It shows different ways to use metrics and communication to drive positive behaviors. These are important skills not only for managing teams, but for influencing appsec among peers and growing a career. Security is an integral part of DevOps. And, yes, it's made of people.

Mike Shema is VP of SecOps and Research at Cobalt.io. Mike's experience with information security includes managing product security teams, building web application scanners, and consulting across a range of infosec topics. He's put this experience into books like Anti-Hacker Tool Kit and Hacking Web Apps. He has taught hacking classes and presented research at conferences around the world.

Twitter handle: CodexWebSecurum