Secure DevOps

Post: DevOps Demystified: A Primer for Security Practitioners

  Key starting points for those still struggling to understand the concept. Back when I was burning up the ISSA and ISACA speaking circuit, I passed out a quiz before each presentation. The quiz focused on application development terms that an entry-level software developer could easily answer, such as, “what’s a software library?” and “what’s an IDE?” As I […]

Post: Meet the Denim Group RSA 2018 Travel Team

  It is that time of year. RSA is always a great event – the way it concentrates people in our industry makes it a fantastic opportunity to meet with clients, prospects, partners, press, analysts, and the ever-sought-after “thought leaders.” There is also a bit of a nonsense that has grown up around the RSA […]

Post: Application Security in 2018: Questions Rather than Answers

  If you’re like me, you just survived the onslaught of “what we saw in 2017” lists, only to be inundated shortly thereafter by “what we will see in 2018” predictions in security. As a vendor in the application security space, we’re in the thick of things. We have our ears to the ground, […]

Post: Effective Application Security Testing in DevOps Pipelines

Introduction: Businesses and development teams are rushing to embrace DevOps so they can be more agile, deploy code more quickly, and provide more value to their customers. Hallmarks of DevOps initiatives are support for significant automation, flexible provisioning, and cultural support for shared responsibilities. This often makes security teams uncomfortable, and they find themselves on […]

Post: The Need for Speed: Application Security in a DevOps World

Over the summer, I had the opportunity to present at the RSA Asia Pacific & Japan Conference on the topic of DevOps and security. In the last 6-12 months, and especially in the time since submitting this topic, we’ve seen the accelerated rise of DevOps. The challenge is that we haven’t solved the problem of […]

Post: 2016 Post Gartner Recap

  Now that the dust has settled on the annual 2016 Gartner Security and Privacy Symposium, we can look back through a clean lens and identify themes that bubbled to the surface of the different sessions. Although a critical mass of security leaders were in attendance, […]