DevSec-Oops – secure delivery doesn’t have to be so hard
This event took place on Sep 21, 2022
WATCH THE EVENT
Chris Rutter | Security Principal
Why does securing our systems so often feel disruptive, box ticky, and well… hard? The transformation of software delivery over the last decade has given us plenty of practice building secure delivery into our systems, yet still we come up against the same problems again and again. Find out how to make DevSec-Oops a thing of the past in this talk with security transformation expert Chris Rutter.
By adopting a set of effective paths to software delivery, we’ve improved how we build, test, deploy, and operate software systems, gaining faster time to market and more reliable systems. So why, when it comes to security, do we still get bogged down by the hundreds of questions, the weeks of pen testing, and the avalanche of spreadsheets?
In this talk we’ll explore common frustrations encountered when securing products; we’ll dive into causes and provide concrete, practical, and battle-proven techniques to counter situations you’ll be all too familiar with:
Black-box security reviews and tests are blocking my release.
A massive chunk of security work just landed on me out of nowhere.
I can’t prove the value of any of this security work, other than I ticked some boxes and gained approval!
I spend hours and hours doing the same security activities and fixes, and so does everyone else I speak to.
Learn how to overcome these hurdles to build secure systems that comply with security requirements while enabling modern, agile and productive delivery at scale. We’ll explain why:
Empowering delivery teams to self-assess is key to genuinely securing software delivery.
Measuring security health is possible, and can be used to scale, prioritise and celebrate positive security improvements.
Empathy for your InfoSec team is crucial – they want to succeed and they’re part of the same organisation as you.
Friction and wasted time in security processes can, and must be removed
Join us for more ‘ooh’ and less ‘oops’ in your DevSecOps.