Session

Achieve Continuous DevSecOps Pipelines Through Collaboration

DevSecOps is a holistic automation approach to enable collaboration between cybersecurity and DevOps. Enterprises are looking for answers when it comes to modern solution delivery, where everything is software-defined IT-as-Code.

The problem is that while DevSecOps is an inclusive term, most security teams argue they remain left out of the effort to automate deployment processes. While DevOps teams and their tools are progressing along the automation curve, security teams are left to manual and repetitive workflows. As a result, DevOps and security teams are not collaborating.

Most enterprises want to continue using their existing IT investments and modernize with automation. This requires looking at the ability to leverage security tools in CI/CD pipelines to achieve realistic DevSecOps.

To start, this requires looking at manual handoffs from DevOps to cybersecurity and figuring out how to incorporate their use cases and automate with their tools. Center for Internet Security benchmark assessments for compliance-related use cases are a great place to start.

In this session I will cover how to incorporate security tools like Center for Internet Security’s CIS-CAT assessor into existing CI/CD processes to start building end-to-end DevSecOps pipelines that enable DevOps and cybersecurity to collaborate through automation. This includes shifting left and starting at the beginning of the pipeline process. I will introduce a few security products that can automate routine security tasks such as scanning infrastructure-as-code for Kubernetes deployments, scanning infrastructure for CIS benchmark assessment against Kubernetes, and even performing remediation with open-source tools in continuous DevSecOps pipelines.

Session overview:

- What is DevSecOps?
- Security challenges every enterprise faces
- How to start adding security to CI/CD pipelines
- Demo end-to-end Kubernetes DevSecOps Pipelines and Q+A

Mike Fraser

VP & Field CTO of DevSecOps @ Sophos

Incline Village, Nevada, United States
