Ali Yazdani
DevSecOps culture
#1 · about 2 minutes
The evolution from traditional security to DevSecOps
Traditional security testing at the end of the pipeline creates friction and downtime, leading to the rise of DevSecOps to integrate security with development and operations.
#2 · about 2 minutes
DevSecOps is a culture, not just a set of tools
Implementing DevSecOps successfully requires focusing on its three core pillars—people, process and tools, and governance—rather than just adopting new technologies.
#3 · about 3 minutes
The people pillar and establishing shared responsibility
Breaking down traditional silos between development, security, and operations is crucial for creating a shared responsibility model where everyone contributes to security.
#4 · about 2 minutes
The technology pillar and automating security tests
Technology enables DevSecOps by automating repeatable security tests like secret scanning, SAST, and software composition analysis within the CI/CD pipeline.
#5 · about 2 minutes
The governance pillar for tracking progress and compliance
Governance provides structure through policy as code and visualization, helping teams track security posture, manage expectations, and ensure compliance.
#6 · about 2 minutes
Overcoming common DevSecOps implementation challenges
Successfully implementing DevSecOps involves navigating cultural resistance, ensuring seamless tool integration, and meeting complex compliance requirements like ISO 27001 and SOC 2.
#7 · about 2 minutes
Reducing costs by shifting security left
Shifting security practices earlier in the development lifecycle, such as with pre-commit hooks, significantly reduces the cost and effort required to find and fix vulnerabilities.
#8 · about 1 minute
Communication is key to a successful DevSecOps journey
Clear and consistent communication with developers about the purpose and implementation of security measures is the most critical factor in reducing friction and ensuring adoption.
Matching moments
03:26 MIN
The cultural shift from DevOps to DevSecOps
You can’t hack what you can’t see
04:42 MIN
Integrating security into the DevOps lifecycle with DevSecOps
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
04:55 MIN
Exploring the core principles of DevSecOps
DevSecOps: Security in DevOps
05:52 MIN
Integrating security into the DevOps lifecycle (DevSecOps)
Demystifying DevOps—Pros, cons, dos & don'ts
04:29 MIN
The modern DevSecOps approach to application security
Maturity assessment for technicians or how I learned to love OWASP SAMM
02:32 MIN
Defining DevOps as a culture of collaboration
Demystifying DevOps—Pros, cons, dos & don'ts
05:26 MIN
The future of DevOps is system hardening and security
Demystifying DevOps—Pros, cons, dos & don'ts
01:14 MIN
Key lessons learned from implementing DevSecOps
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
Related Videos
Organizational Change Through The Power Of Why - DevSecOps Enablement
Nazneen Rupawalla
Demystifying DevOps—Pros, cons, dos & don'ts
Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine
The journey from developer to devops - what i've learnt along the way
Liam Hurrel & Alireza Chegini
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
Moataz Nabil
Open Source Secure Software Supply Chain in action
Natale Vinto
Why shifting left is so important for software developers
Jemiah Sius
DevSecOps: Security in DevOps
Aarno Aukia
We adopted DevOps and are Cloud-native, Now What?
Bruno Amaro Almeida