Secure DevOps

Post: 2020: The Changing Role of Application Security and Quality Assurance Teams

I recently had the opportunity to talk with Robert Lemos for his article “Application Security and Your Career: 5 Key Areas to Focus On” about the new skills required for application security and quality assurance teams. He included a couple of my comments in the article, and this blog post expands on those themes based on what […]

Post: Power, Responsibility, and Security’s Role in the DevOps Pipeline

[Spoiler alert – if you have lived under a rock most of your life and aren’t yet familiar with Spiderman’s origin story but wanted to read it one day, you probably want to do that before reading this post. You can actually see Amazing Fantasy #15 online at Archive.org. Go ahead and read it regardless; […]

Post: DevOps Demystified: A Primer for Security Practitioners

Key starting points for those still struggling to understand the concept. Back when I was burning up the ISSA and ISACA speaking circuit, I passed out a quiz before each presentation. The quiz focused on application development terms that an entry-level software developer could easily answer, such as, “what’s a software library?” and “what’s an IDE?” As I […]

Post: Application Security in 2018: Questions Rather than Answers

If you’re like me, you just survived the onslaught of “what we saw in 2017” lists, only to be inundated shortly thereafter by “what we will see in 2018” predictions in security. As a vendor in the application security space, we’re in the thick of things. We have our ears to the ground, […]

Post: Effective Application Security Testing in DevOps Pipelines

Introduction: Businesses and development teams are rushing to embrace DevOps so they can be more agile, deploy code more quickly, and provide more value to their customers. Hallmarks of DevOps initiatives are support for significant automation, flexible provisioning, and cultural support for shared responsibilities. This often makes security teams uncomfortable, and they find themselves on […]

Post: The Need for Speed: Application Security in a DevOps World

Over the summer, I had the opportunity to present at the RSA Asia Pacific & Japan Conference on the topic of DevOps and security. In the last 6-12 months, and especially in the time since submitting this topic, we’ve seen the accelerated rise of DevOps. The challenge is that we haven’t solved the problem of […]