Secure DevOps

Post: Power, Responsibility, and Security’s Role in the DevOps Pipeline

[Spoiler alert – if you have lived under a rock most of your life and aren’t yet familiar with Spiderman’s origin story but wanted to read it one day, you probably want to do that before reading this post. You can actually see Amazing Fantasy #15 online at Archive.org. Go ahead and read it regardless; […]

Post: DevOps Demystified: A Primer for Security Practitioners

  Key starting points for those still struggling to understand the concept. Back when I was burning up the ISSA and ISACA speaking circuit, I passed out a quiz before each presentation. The quiz focused on application development terms that an entry-level software developer could easily answer, such as, “what’s a software library?” and “what’s an IDE?” As I […]

Post: Meet the Denim Group RSA 2018 Travel Team

  It is that time of year. RSA is always a great event – the way it concentrates people in our industry makes it a fantastic opportunity to meet with clients, prospects, partners, press, analysts, and the ever-sought-after “thought leaders.” There is also a bit of a nonsense that has grown up around the RSA […]

Post: Application Security in 2018: Questions Rather than Answers

    If you’re like me, you just survived the onslaught of “what we saw in 2017” lists, only to be inundated shortly thereafter by “what we will see in 2018” predictions in security. As a vendor in the application security space, we’re in the thick of things. We have our ears to the ground, […]

Post: Effective Application Security Testing in DevOps Pipelines

Introduction Businesses and development teams are rushing to embrace DevOps so they can be more agile, deploy code more quickly, and provide more value to their customers. Hallmarks of DevOps initiatives are support for significant automation, flexible provisioning, and cultural support for shared responsibilities. This often makes security teams uncomfortable, and they find themselves on […]

Post: The Need for Speed: Application Security in a DevOps World

Over the summer, I had the opportunity to present at the RSA Asia Pacific & Japan Conference on the topic of DevOps and security. In the last 6-12 months, and especially in the time since submitting this topic, we’ve seen the accelerated rise of DevOps. The challenge is that we haven’t solved the problem of […]