Over the summer, I had the opportunity to present at the RSA Asia Pacific & Japan Conference on the topic of DevOps and security. In the last 6-12 months, and especially in the time since submitting this topic, we’ve seen the accelerated rise of DevOps. The challenge is that we haven’t solved the problem of security of software, and now we’re going a million miles an hour. There’s inherent risk in this fail-fast mentality with regard to security.
The number one credo in the industry today is the push to shorten time to market at the expense of almost everything else. With that in mind, can security remain relevant?
Given this trend to move quicker, the key issues outlined in my presentation included:
- The need to ramp up IQ around AppDev and DevOps. Most security leaders come from a Network Security background. They might not have known AppDev to start and certainly don’t know it now that it is moving faster.
- The need to adapt to the culture of the organization. The culture of a Netflix versus a Bank of America is radically different, and what you are hearing has to be adapted to that particular environment.
- The need to come up with a tactical plan for the next 6-12 months. Security leaders should be asking themselves, “What am I going to do to insert myself as the risk advisor to the business?” The key objectives are to protect customer data and minimize brand risk.
For more information, watch my interview with Editor in Chief of RSA Conference Jennifer Lawinski below and view the slide deck from my presentation.