Sign up to save your podcasts
Or
Share DevSecOps
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DevSecOps
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/)
We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other?
Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Sumedh Thakar (@sumedhthakar), president and chief product officer, Qualys.
Thanks to this week's podcast sponsor, Qualys.
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
On this episode of Defense in Depth, you'll learn:
- It's debatable whether the term "DevSecOps" should even exist as a term. The argument for the term is to just make sure that security is part of the discussion, but security people feel that's redundant.
- Security is not an additional process. It should be baked in. It's an essential ingredient.
- But should it really be seen as "embedding" or rather a partnership? Developers and operations operate as partners.
- Instead of dumping security tools on developers and just demanding "implement this" security needs to go through the same transition development had to go through to be part of "Ops".
- As DevOps looks forward to what's next, how can security do the same?
- Security is unfortunately seen as an afterthought, and that's antithetical to the DevOps philosophy.
- Security is an innate property that imbues quality in the entire DevOps effort.
- Security will slow down DevOps. It's unavoidable. Not everything can be automated. But, if you deliver the security bite-sized chunks you can get to an acceptable level of speed.
- Business needs to specify the security requirements since they were the ones who specified the speed requirements. That's how we got to DevOps in the first place.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/)
We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other?
Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Sumedh Thakar (@sumedhthakar), president and chief product officer, Qualys.
Thanks to this week's podcast sponsor, Qualys.
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
On this episode of Defense in Depth, you'll learn:
- It's debatable whether the term "DevSecOps" should even exist as a term. The argument for the term is to just make sure that security is part of the discussion, but security people feel that's redundant.
- Security is not an additional process. It should be baked in. It's an essential ingredient.
- But should it really be seen as "embedding" or rather a partnership? Developers and operations operate as partners.
- Instead of dumping security tools on developers and just demanding "implement this" security needs to go through the same transition development had to go through to be part of "Ops".
- As DevOps looks forward to what's next, how can security do the same?
- Security is unfortunately seen as an afterthought, and that's antithetical to the DevOps philosophy.
- Security is an innate property that imbues quality in the entire DevOps effort.
- Security will slow down DevOps. It's unavoidable. Not everything can be automated. But, if you deliver the security bite-sized chunks you can get to an acceptable level of speed.
- Business needs to specify the security requirements since they were the ones who specified the speed requirements. That's how we got to DevOps in the first place.
More shows like Defense in Depth
View all
Hacked
186 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
CyberWire Daily
1,026 Listeners
Smashing Security
318 Listeners
Click Here
419 Listeners
Darknet Diaries
8,075 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
195 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners
Hacker And The Fed
167 Listeners