I recently had the pleasure of attending Jenkin’s World 2017 where I served on an expert DevSecOps panel alongside Pete Chestna of Veracode, Anders Wallgren of Electric Cloud, Curtis Yanko of Sonatype, and Rob Stroud of Forrester. Our discussion was led by Alan Shimel of DevOps.com.
During the panel, “It’s Not You, It’s Not Me, It’s We: DevSecOps”, we discussed what it really takes to successfully make security everyone’s responsibility—the significance of looking at security across development, operations, QA and every other function, and not just security.
There is a fundamental need for education, tools and cultural changes in order to fully embrace the opportunity DevOps offers to make our code, apps and organizations more secure. Security needs to be built in from the start rather than bolted on at the end. The best way to achieve this is through not just you, or me, but we.
Alan Shimel, DevOps.com discusses his key takeaways from the panel discussion It’s Not You, It’s Not Me, It’s We: DevSecOps