Automation for DevOps teams has made leaps and bounds, however cybersecurity teams are still cobbling together make-shift solutions, completing routine jobs manually or, worse, eschewing security best practices altogether in the name of efficiency. But cybersecurity teams are eager to get into the cloud, grow agile, and become intimately involved with the development process.

The goal of my session is to help attendees understand why it’s important to update the roles and resources of cybersecurity teams. Attendees of my talk will walk away with a renewed interest and excitement around how cybersecurity can be better implemented with DevOps to meet shared business goals; shaping a fresh perspective on security teams as an enabler instead of a blocker. They will also walk away with immediate next steps for modernizing the workflows of cybersecurity practitioners, so not only are cybersecurity practitioners equipped to succeed, but also optimally placed within an organization’s structure.

In my session, I will talk in general terms about the challenges of modernizing cybersecurity practitioners to-date, such as a lack of time, unavailability of tools and DevOps blockers. Then, I will cover how to create an organizational culture around elevating security, and then introduce education resources and CI/CD tools that help bring cybersecurity practices into the next era of IT-as-Code, where software defines everything we do. My talk will review the DoD’s Level Up Platform One initiative, which is leveraging CI/CD to help empower their cybersecurity warfighters internally. I’ll conclude by emphasizing a cultural shift, which begets modernization itself.