With remote work here to stay and more employees utilizing apps in the cloud more than ever, fully realizing DevSecOps needs to be part of every organization’s strategy in 2021. DevSecOps requires cybersecurity teams to collaborate with DevOps to stay multiple steps ahead of adversaries. The year 2020 proved that increasing an organization’s agility requires operationalizing security through DevSecOps pipelines.

Is it possible for DevOps and security practitioners to collaborate and build DevSecOps pipelines? In this session, I will cover the current challenges in integrating security tools into DevSecOps pipelines. An example tool would be Center for Internet Security’s CIS-CAT assessor, which was never built to be used in CI/CD. I will demonstrate how it can be used to scan infrastructure after it is built with a Terraform configuration and uses Vault for credential management to authenticate CIS-CAT to enable the CIS Benchmark assessment.

Session overview:

- How remote work is driving the need for DevSecOps
- Challenges that DevOps face trying to collaborate with cybersecurity teams
- How to create real-world DevSecOps pipelines
- Demo of example DevSecOps pipeline with security baked in at each step