The Need for Speed: Application Security in a DevOps World

Over the summer, I had the opportunity to present at the RSA Asia Pacific & Japan Conference on the topic of DevOps and security. In the last 6-12 months, and especially in the time since submitting this topic, we’ve seen the accelerated rise of DevOps. The challenge is that we haven’t solved the problem of security of software, and now we’re going a million miles an hour. There’s inherent risk in this fail-fast mentality with regard to security.

The number one credo in the industry today is the push to shorten time to market at the expense of almost everything else. With that in mind, can security remain relevant?

Given this trend to move quicker, the key issues outlined in my presentation included:

  • The need to ramp up IQ around AppDev and DevOps. Most security leaders come from a Network Security background. They might not have known AppDev to start and certainly don’t know it now that it is moving faster.
  • The need to adapt to the culture of the organization. The culture of a Netflix versus a Bank of America is radically different, and you have to adapt what you are hearing to that particular environment.
  • The need to come up with a tactical plan for the next 6-12 months. Security leaders should be asking themselves, “What am I going to do to insert myself as the risk advisor to the business?” The key objectives are to protect customer data and minimize brand risk.

For more information, watch my interview with Editor in Chief of RSA Conference Jennifer Lawinski below and view the slide deck from my presentation.

About John Dickson

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.

2 Responses to “The Need for Speed: Application Security in a DevOps World”

  1. Gogi Dickson

    I watched intently and learned much. Your presentation style is awesome and I approve!

  2. Bruce C Jenkins

    Sixteen years ago I ran a “development and operations” organization, and, indeed, we were doing DevOps–we just didn’t call it DevOps back then. My org was certainly an edge case, and if I were a visionary guy perhaps back then I would have coined the term….
