Agile + DevOps East 2020 DevSecOps Summit Session - Go Beyond DevSecOps to Continuous Security | TechWell


Thursday, November 19, 2020 - 3:30pm to 4:15pm

Go Beyond DevSecOps to Continuous Security

Continuous. If you have been around DevOps for any length of time, then you have heard this term. As in Continuous Integration, Continuous Build, Continuous Deployment, Continuous Delivery, Continuous Testing, and Continuous Planning, among others. Now we are living in a time when personal and data privacy matters more than ever, and so one "Continuous" is rising to the forefront: Continuous Security.

But what really IS Continuous Security? Is it simply a notion of running scans and tests as part of a pipeline and reporting vulnerabilities? We think it is much more than that. For years organizations have been good at validating that applications perform the way they are intended to and do what they are supposed to do so that they can be relied upon. But today it is not enough for applications to just be functional - they must be trustworthy. Add in ever-growing regulations like GDPR, NYDFS, and CCPA and you'll find that if they are not trustworthy, you could face serious penalties or even charges. But how do you achieve and maintain trust? Security has to be of constant paramount importance. Which means it's time for Security to be continuous too.

We will start with a brief view of the current thinking around DevSecOps and how this traditionally just focuses on adding security practices to pipelines. This is a great thing, but it is not enough. We will then outline our view on Continuous Security and cover 6 key capabilities that we believe are paramount, and we will illustrate key facts and ways to know if you are doing them well. Finally, we will outline how these work together.


Rob Cuddy is a Global Application Security Evangelist for HCL, providing thought leadership for the application security space. Prior to this role, Rob was with IBM for 14 years with roles in Application Security Evangelism, Worldwide Sales Enablement, Tiger Teams and Field Services. Rob has spoken at numerous events and conferences, including 2020 All Day DevOps, the Agile+Techwell DevSecOps Summit, Evanta CISO Summits, THINK, InterConnect, DeveloperConnect, IBM Top Guns and many webinar events. Prior to IBM, Rob spent 13 years with 5 different companies working as a configuration management specialist. Rob graduated from the University of Southern California with a degree in Aerospace Engineering and is an avid fan of college football. When not at work, Rob enjoys spending time with his family, serving with his church, running and cycling.


Colin Bell has 30+ years of IT experience. Over the past 18 years he has specialized his skills in Application Security and the deployment of the AppScan portfolio to customers worldwide. His current role is within the HCL Software team as the AppScan CTO.