Back To Schedule
Friday, May 8 • 12:00pm - 12:50pm
DevOps Security? Oxymoron or Truism?

Log in to save this to your schedule, view media, leave feedback and see who's attending!

There’s “SecDevOps”, “DevSecOps”, DevOpsSec”, and just plain old security for DevOps. You might very well be confused? Software developers and security people haven’t been able to settle on a term, much less what it all means in practice. Many shops have developers who declare that security is too cumbersome for DevOps. At the same time, those charged with application security try for control of the DevOps chain. These positions are based in myths and misunderstandings; they lead to unnecessary friction. Security practices benefit from a DevOps mindset, and the automation and code that results. But first, myths must be busted. There is no inherent antipathy between security and DevOps. Even DevOps requires plans and structure. And security improves through iteration of bite-sized chunks.

A common myth of DevOps is that activities like architecture may be jettisoned in favour of automation. But, architecture typically requires at least some human analysis. A key part of architecture and design will be security thinking. Security thinking will be based in threat modeling. An examination of the integration of security activities, and especially threat modeling into the DevOps cycle is critical to implementing security in a DevOps loop.

Join Author and Master Security Architect, Brook S.E. Schoenfield, to learn about effective, proven DevOps security strategies.

avatar for Brook Schoenfield

Brook Schoenfield

Master Security Architect, IOActive
Brook S.E. Schoenfield is the Author of Secrets Of A Cyber Security Architect (Auerbach Publications, 2019) and Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015). As IOActive's Master Security Architect, he provides technical leadership for IOActive's... Read More →

Friday May 8, 2020 12:00pm - 12:50pm PDT
Terrace Lounge

Attendees (4)