Speakers
Synopsis
Cost is the most powerful driving factor of everything we do in a DevSecOps program (or anything in general) and yet, more often than not, the focus is on the well-discussed trilogy - People, Process and Technology. In this talk I will provide the cost perspective and share my real-world approaches, experiences and learnings from a scalable DevSecOps program. This talk emphasises practical optimisation techniques and learnings derived from real-world challenges, and will help application security leaders understand how they can allocate limited resources to enable developers to build software faster, more frequently and securely.
Today, everyone will agree, and we have enough data to prove, that:
- Business demands software that is delivered fast, frequently and securely
- Technologies are growing at an unprecedented rate
- Organizations are operationally complex
- The software security skill gap is real
- Software security is tough
- Budget is limited
There is plenty of good content covering the significance of the well-discussed trilogy in software security - People, Process, Technology. In this talk, I will share an in-depth analysis of the cost aspect of a DevSecOps program and demonstrate strategies to optimise limited resources to secure software faster and align with the modern SDLC. This talk will give application security leaders the guidelines and learnings to devise and operationalize a DevSecOps program aligned with their organisation's business needs.
The content of this talk will be supported with real-world examples and cost optimisation techniques such as automation, self-service security services, contextual analysis, and the use of open source solutions.