DevSecOps is a Misnomer




DevSecOps is a misnomer. The idea that Security is smashed in between Dev and Ops is exactly the problem we face. Many believe security is the blocker before getting their application out to production. Owned by some distant, unapproachable team, security can seem like the new deep divide with a ‘throw it over the wall’ mentality.

Instead, Security must be sprinkled throughout the DevOps cycle, taught from the beginning when developing best practices, and owned by the entire team. In this talk, I will share 1 slide that overlays exactly where Security fits in the “DevSecOps” pipeline and culture, touching on specific challenges companies face and the things they do to address those challenges, from Threat Modeling and Risk Classification, Security Education, Automated Policy Enforcement, Secrets Management, Vulnerability Scanning, SAST and DAST, monitoring, and more.

Speaker

Victoria Geronimo


Victoria Geronimo originally hails from the nation’s third smallest state, where she grew up playing both Barbies and Indiana Jones in the woods. She attended the University of Maryland, College ...