If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application security has historically been done somewhere else, by someone else, who is slow.
Go faster. Shift left. Remove complexity. Reduce rework. All mantras of DevOps practices. And while DevOps practices have changed dramatically in recent years, many experts will tell you that application security has not changed enough.
In this installment of the DevOps Leadership Series, you will hear Chris Corriere (DevOps Engineer, Autotrader) and Mitchell Ashley (VP Information Technology, CableLabs) share perspectives on the state of DevOps and security. It is about security at velocity.
But is going faster and automating resulting in better security? There are still security pros who are uncomfortable with that premise. Nevertheless, that is where this is headed. The security community has to come to the mountain, otherwise the mountain is coming to them.
First, listen to Chris’ Corriere of Autotrader tell us his perspective that security can move at DevOps speed, as long as you take a diversified approach:
https://youtu.be/8DdfHkAK1Fk
Then hear from Mitchell Ashley, VP of IT at CableLabs as he remarks on the evolution of security from a validation role (at the right) to an integrated, ingrained role that has shifted left:
https://www.youtube.com/watch?v=pg_m7dYqUPU
This is the third in our series of interviews from this event. Stay tuned as the actual sessions from DevOps Connect will be posted shortly.
NOTE: If you have missed any of the other videos from this series, you can find them here. (We’re up to 15 so far).