It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep DevSecOps culture from becoming a reality. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share evidence that organizations are still failing to mature their processes in order to achieve the ideals of a shared responsibility culture. Through her analysis, Alyssa identifies tangible, practical actions that organizations can take immediately to begin improving collaboration and enablement within the DevSecOps pipeline. Alyssa will demonstrate what steps can be taken to create mutual enablement between Development, Security, and Operations disciplines. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be cultivated and extended into the broader business.
About the Speaker
Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself. She is a member of the Board of Directors for Women of Security (WoSEC), an Advisory Board member for Blue Team Con in Chicago, and she current works as an Application Security Advocate for London-based Snyk Ltd.