CodeSecDays 2024 - Join GitGuardian for a full-day exploration of cutting-edge DevSecOps solutions!

What is DevSecOps?

This video is a clip from the full conversation about implementing and understanding DevSecOps in modern development companies.

Video Transcript

[Music]

You've spoken a lot about DevSecOps. So this is a fairly new term, right? We love acronyms in security, and sometimes acronyms get thrown around by marketing companies to try and make it out, but in your perspective, what is DevSecOps?

I look at DevSecOps two ways. The first way is, if you have an enterprise that has already made moves into DevOps, bringing their development teams and operations teams together and breaking down those silos, it's bringing security into that DevOps life cycle and processes. So it's automated scanning, it's scanning code at rest, it's scanning in production, it's security at every phase. It was a part of the DevOps discussion that was missing in the early days, unfortunately.

If you look... the second way I look at it is for companies that are moving from a traditional waterfall software development life cycle, or ad hoc life cycles they built themselves: it's moving to a more iterative life cycle following DevOps principles and putting in security at each step of that process to ensure that they're releasing secure and compliant software on a regular cadence.

Right, so it's kind of an evolution of DevOps. The conversations I've been privy to along the way... first of all, to take a step back, I see that DevSecOps is going to subsume the DevOps conversation entirely in the next couple of years. Smaller startups that are starting from scratch are ideal candidates just to move straight to a DevSecOps model. Even the federal go... and if you look at large enterprises, even the federal government and parts of the Department of Defense have moved to DevSecOps models for that continuous release of secure software.

Granted, larger enterprises have the resources, the people, the funding for training and the addition of new tools, so they're probably going to be in positions where they're starting small and expanding out. A couple of teams are going to move to a DevSecOps model, they're going to build on those successes internally, they're going to sell those successes, and then, if everything works right, that's how adoption picks up across a large enterprise.