Overview

Creating secure innovation at speed and scale is the way of the future. It is not enough to follow customers home and build something they need; security is an integral part of the equation. Achieving safer software begins with designing security into what we build every day and results in software so well-maintained that it cannot be abused easily. Essentially, it is software that meets the needs of customers and stands up to the level of trust they demand.

DevSecOps has been born out of sheer evolutionary necessity and extends from decades of passion for securing software. It is not a specific means of completing work but a model and mindset for achieving secure innovation at speed and scale. At its core, DevSecOps is mastered by dedication to continuous improvement of software through great design, superior implementation, balanced controls, and meticulous maintenance. It is not wrapped up in the people that do the work but in the desire for a method that allows for iteratively securing innovation at speed and scale.

To get started with DevSecOps, it is important to understand the technology landscape driving the demand for this change. In recent years, the barrier to entry for start-ups to disrupt large enterprise markets has lowered and the demand for innovation has been on the rise. This has triggered enterprises to look at how they might be disrupted. At the top of the list, start-ups use lean development practices, agile and scrum to complete work, DevOps to support collaboration and coordinated maintenance, Software Defined resources, and Cloud services in order to reduce time to market. It is an evolutionary set of changes that has both created a marketplace and leveled the playing field.

Along the way, we have seen the introduction of Agile, DevOps, Rugged Software and other influential changes helping to transform the business of transacting securely.  Getting started with DevSecOps requires commitment to a number of significant changes in skills, culture, technology and process because it is often not as simple as embedding Security into DevOps or vice versa.   

In this section, you'll find a continuously evolving journey for DevSecOps which explores some of the challenges and experiments being run daily. The information is constructed to allow for different variations and paths to be created so that a community of practitioners can help bring new information to bear through the practice of continuous science. And more importantly, there are a few chicken-and-egg scenarios while evolving from Traditional Security to DevSecOps that require some contemplation and experimentation.

 


Shannon Lietz

Shannon Lietz is an award-winning leader and technologist focused on advanced security, DevOps, and cloud adoption. With 25+ years of experience, she has found her passion in helping others secure their technical projects to solve the world’s problems at speed and scale. She currently works at Intuit as the Director of DevSecOps and Chief Security Architect. She is inspired by great collaboration and high-performing teams, focusing her time and energy on fostering the adoption of Rugged Software practices with DevSecOps.