Sign up to save your podcasts
Or
Share DevSecOps
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DevSecOps
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/)
We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Sumedh Thakar (@sumedhthakar), president and chief product officer, Qualys.
Thanks to this week’s podcast sponsor, Qualys.
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
On this episode of Defense in Depth, you’ll learn:
- It's debatable whether the term "DevSecOps" should even exist as a term. The argument for the term is to just make sure that security is part of the discussion, but security people feel that's redundant.
- Security is not an additional process. It should be baked in. It's an essential ingredient.
- But should it really be seen as "embedding" or rather a partnership? Developers and operations operate as partners.
- Instead of dumping security tools on developers and just demanding "implement this" security needs to go through the same transition development had to go through to be part of "Ops".
- As DevOps looks forward to what's next, how can security do the same?
- Security is unfortunately seen as an afterthought, and that's antithetical to the DevOps philosophy.
- Security is an innate property that imbues quality in the entire DevOps effort.
- Security will slow down DevOps. It's unavoidable. Not everything can be automated. But, if you deliver the security bite-sized chunks you can get to an acceptable level of speed.
- Business needs to specify the security requirements since they were the ones who specified the speed requirements. That's how we got to DevOps in the first place.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/)
We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Sumedh Thakar (@sumedhthakar), president and chief product officer, Qualys.
Thanks to this week’s podcast sponsor, Qualys.
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
On this episode of Defense in Depth, you’ll learn:
- It's debatable whether the term "DevSecOps" should even exist as a term. The argument for the term is to just make sure that security is part of the discussion, but security people feel that's redundant.
- Security is not an additional process. It should be baked in. It's an essential ingredient.
- But should it really be seen as "embedding" or rather a partnership? Developers and operations operate as partners.
- Instead of dumping security tools on developers and just demanding "implement this" security needs to go through the same transition development had to go through to be part of "Ops".
- As DevOps looks forward to what's next, how can security do the same?
- Security is unfortunately seen as an afterthought, and that's antithetical to the DevOps philosophy.
- Security is an innate property that imbues quality in the entire DevOps effort.
- Security will slow down DevOps. It's unavoidable. Not everything can be automated. But, if you deliver the security bite-sized chunks you can get to an acceptable level of speed.
- Business needs to specify the security requirements since they were the ones who specified the speed requirements. That's how we got to DevOps in the first place.
More shows like Defense in Depth
View all
Security Now (Audio)
1,979 Listeners
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
183 Listeners
CyberWire Daily
1,009 Listeners
Smashing Security
312 Listeners
Click Here
413 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners
Hacker And The Fed
167 Listeners