DevSecOps Summit | Agile + DevOps East

DevSecOps Summit

Wednesday, November 18 • 1:00pm-4:00pm ET &
Thursday, November 19 • 1:00pm-4:00pm ET

Why is learning about DevSecOps vital to you and your role? In the past few years, security integration within the DevOps pipeline has given rise to the idea of DevSecOps. Once seen as the bottleneck and inhibitor of the development and deployment process, security has become an integral part of the movement towards automation and the removal of manual oversight enforcement. As stated in the DevSecOps Manifesto, “We must adapt our ways to ensure data security and privacy issues are not left behind because we were too slow to change.” 

At the DevSecOps Summit, you’ll hear stories from practitioners in the field who are pushing forward with the idea of creating a secure application development pipeline, with security integrated from conception to deployment. They will explain how they made the cultural transformation from legacy development and deployment processes, to integrated systems that include security as a part of the process, not as an overseer or bottleneck to secure application development. This series of first-person talks will give you an ideal perspective on how you and your team can enable faster application development with more rapid deployment to production while integrating security into your DevOps initiatives.

Registration is free for conference attendees (simply "add-on" to any conference package), but you must reserve your seat in advance.
 

Already registered for Agile + DevOps Virtual? Click here to login and watch
the DevSecOps Summit live or on demand after the event.

Wednesday, November 18

DJ Schleen
Rally | United Healthcare
Verica.io

Blameless Retrospectives in DevSecOps at Global Healthcare Giants

Add to calendar
Wednesday, November 18, 2020 - 1:00pm to 1:45pm

Implementing a scalable DevOps program can seem like an impossible task at times. Add security into the mix and the challenge can appear insurmountable. Organizations around the world have come to realize the potential business impacts of adopting DevSecOps and how it can enable engineers to deliver more value to the market faster. While the prospect of transformation seems alluring, a great number of organizations are still unsure of where to start, what’s involved, how much it will cost and how to achieve success. Discussing our triumphs and tragedies not only bring clarity, but champion...

Learn More
Judy Johnson
Onyx Point

The Science of Compliance - Early Code to Secure Your Node

Add to calendar
Wednesday, November 18, 2020 - 1:45pm to 2:30pm

We all know that the earlier in the software development process, you start testing, the more money and time you save in the long run. This is the case not only with the coding process, but also with securing your systems. In this talk, we’ll talk about the difference between compliance and security, and how adding compliance is a measurable and repeatable way to make code more secure. We will discuss tools and methodologies for integrating compliance and inserting compliance checking at various places in the development process, starting with a compliant infrastructure, and continuing...

Learn More
Peter-Hesse
10pearls

Usability vs. Security: Having Your Cake and Eating It Too

Add to calendar
Wednesday, November 18, 2020 - 2:45pm to 3:30pm

In today’s rapidly changing marketplace, the usability of software is paramount to its adoption and success. However, we also recognize the need for solutions to have resiliency and security. How do you successfully navigate the tradeoffs between usability and security? Simple… you don’t! Instead of choosing one or the other, reject the false tradeoff and instead find ways to embrace both security and usability in your DevSecOps processes. Join Peter Hesse as he discusses strategies for getting security and user experience teams to work closely together, enabling the creation of better...

Learn More
Mathew-Arnow
Tidelift

A Modern Approach to Managing and Securing Your Open Source Dependencies

Add to calendar
Wednesday, November 18, 2020 - 3:30pm to 4:15pm

Ninety-two percent of applications contain open source components. Without careful maintenance, organizations open themselves up to exploits from malicious actors. Known vulnerabilities in an open source library can increase risk of compromise despite a development team’s best efforts and intentions. Relying on scanning tools to point out potential issues is not enough if you don’t also have a strategy in place to ensure those issues can be resolved. In this talk we’ll share a modern approach DevSecOps teams can use to better manage and secure their open source dependencies, ensuring...

Learn More

Thursday, November 19

Alyssa Miller
Snyk, Ltd.

So Happy Together: Making the Promise of DevSecOps a Reality

Add to calendar
Thursday, November 19, 2020 - 1:00pm to 1:45pm

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application...

Learn More
Rich Mills
Coveros

DevSecOps: Essential Pipeline Tooling To Enable Continuous Security

Add to calendar
Thursday, November 19, 2020 - 1:45pm to 2:30pm

As we embrace DevOps to optimize our Agility, we need to move away from slow, manually intensive processes into more of a continuous flow of software into production. Whether we are doing true "Continuous Deployment" straight to production or not, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). What we need is the visibility to know that our code is secure enough to pass muster every day. What we need is continuous security.

The DevSecOps movement is...

Learn More
Chris-Romeo
Security Journey

DevSecOps Culture: Laughing Through the Failures

Add to calendar
Thursday, November 19, 2020 - 2:45pm to 3:30pm

Rolling out DevOps + Security has its series of pitfalls. In this talk, we’ll explore real-world challenges, sprinkling in a bit of humor on behalf of the Internet, and work out the solutions to how to avoid these pain points using security culture. Examples include individuals with a non-collaborative mindset (not playing nice), security tools that provide zero value in the pipeline, old school thinking concerning requirements, the inability to perform threat modeling at DevOps speed, and many more. You’ll experience what can go wrong, to expose how to do things right.

Go Beyond DevSecOps to Continuous Security

Add to calendar
Thursday, November 19, 2020 - 3:30pm to 4:15pm

Continuous. If you have been around DevOps for any length of time then you have heard this term. As in Continuous Integration, Continuous Build, Continuous Deployment, Continuous Delivery, Continuous Testing, Continuous Planning among others. Now we are living in a time when personal and data privacy matters more than ever, and so one "Continuous" is rising to the forefront: Continuous Security.

But what really IS Continuous Security? Is it simply a notion of running scans and tests as part of a pipeline and reporting vulnerabilities? We think it is much more then that. For years...

Learn More