By Gerard Blokdyk

DevSecOps 1 big thing: Establish and maintain project communication and set project quality and performance standards.

The big picture: Work with the Design, Engineering, Product, Marketing, and IT teams to architect, implement, and maintain automated software installs on multiple environments, production deployments, and infrastructure needs to support a secure CI/CD strategy.

Why it matters: Partner with Information Security to drive a DevSecOps mindset across IDS and to ensure that the DevOps tools are secure and used in a secure manner.

Under the hood: Serve as a primary point of contact for Security Incidents to minimize the impact and then conduct a technical and forensic investigation into how the breach happened.


 

Top DevSecOps Must Haves

 

DevSecOps Executives tell us every quarter about their must haves.

Here are their most urgent ones:

Learn the Top Emerging DevSecOps Risks HERE: store.theartofservice.com/DevSecOps-critical-capabilities/

 

Top thinkers are using The Art of Service Critical Capabilities Analysis, the guide that’s helping leaders stay ahead of what’s next.

This guide will help you plan your roadmap. The Critical Capabilities and Priorities Guide enables leaders to shortlist hundreds of appropriate results, already prioritized.

 

Get started: store.theartofservice.com/DevSecOps-critical-capabilities/

 


What we’re hearing: “AppSec/DevSecOps capabilities include concepts such as Secure-by-Design, DevSecOps, Secure Software Development Lifecycle (S-SDLC), Threat Modeling, Requirements Gathering, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Penetration Testing, and Code Remediation,” Cloud Administrator Azure VBECS

Go deeper: Plan, evaluate, recommend, design and implement security solutions for moderately complex projects, including preparation of cost justifications, use cases, alternative solutions, and technical recommendations.

Be smart: Take Data Science models and scale them out to production by creating DevOps pipelines that automate the data collection, prep, transform, analyze, experiment, train, validate, serve, monitor, etc.

How it works: Manage the overall efforts for the following risk identification, reduction, and avoidance programs: Static Application Security Test (SAST), Dynamic Application Security Test (DAST), Interactive Application Security Test (IAST), Mobile Apps Security, Integration of Automated Security Testing Capabilities into DevOps CI/CD pipelines (DevSecOps), Technical Secure Developers Training, and App Security Test Tools Support and Research.

What to watch: Certify your organization is responsible for designing interface standards, quality assurance standards, performance standards, and cost-benefit analysis of modern state-of-the-art information systems, and for analyzing available technologies and recommending which technologies to use and how best to use them.

State of play: Use Extreme Programming (including working as a pair programmer) and DevSecOps best practices to iteratively build features of the application for testing and feedback.

Between the lines: Use DevSecOps to accelerate enterprise cloud adoption while enabling rapid and stable delivery of capabilities using continuous integration and continuous deployment principles, methodologies, and technologies.

Meanwhile: Guarantee your strategy has responsibility for hiring, training, motivating, and retaining top employees resulting in the development and maintenance of a high performance team.

The bottom line: Make sure your design is working with scrum teams to build and deliver software releases and infrastructure improvements through improved CI/CD processes.

What’s next: Make sure your design designs and develops digital architecture (integrated processes, applications, data and technologies) solutions for new products/services, applications and service offerings to support current software/platforms and transformation.

ICYMI: Work with a team of engineers in developing open source tools and processes for the entire SDLC: threat modeling, cloud infrastructure, DevSecOps pipelines, vuln management, pen testing.


Trusted by: SafeGuard Cyber, Concerto Card Company, FedEx Services, Intone Networks, NetImpact Strategies Inc., Northrop Grumman, Northwestern Mutual, Scope Infotech, Mutual of Omaha, PingWind Inc., Rural Sourcing Inc., Avum, Inc., Sierra7, Tranquil Multi Dynamic Advisory, Indeed, General Dynamics Information Technology, Pantheon, altran, Not Defined, US Immediate Office of the Chief of Naval Operations, Rampart Communications Inc, Morgan 6, LLC, Genomic Life, US Federal Deposit Insurance Corporation, Cardinal Health, Booz Allen Hamilton, ARiA, Faith Technologies Inc., Intermedia.net, Inc., TikTok, Changeis, Alteryx, Inc., Caterpillar, Sonos, Inc, Code Dx Inc, Trek10, CVS Health, Eli Lilly, Golden Tech Systems, Smartsheet, Snyk, Cerner Corporation, MAXIMUS, Capgemini, SAIC, BLN24, Sabel Systems, Proit Inc, Amazon Web Services, Inc., Gartner, Cloud Computing Technologies, Aqua Security, VariQ Corporation, CyrusOne, LLC., Capital Group, Global InfoTek, Inc., Global InfoTek Inc, Bigbear.ai, Turing.Com, Ferguson, Github, Tenneco Inc., Best Buy, Geocent, EATON, Advanced Micro Devices, Inc., VerSprite, Humana, iSenpai, Golden Tech Systems Inc., Peraton, Credence Management Solutions, LLC, Valiant Solutions, LLC, Tyto Athene, LOCKHEED MARTIN CORPORATION, Blue Cross Blue Shield of Massachusetts, GuidePoint Security, Dawson, Gray Analytics, Dell Technologies, Q2ebanking, DSoft Technology, Engineering & Analysis, Signet Jewelers, Parsec, Reify Health, MetroStar, Karsun Solutions, LLC, Chenega Corporation, World Wide Technology, Inc., ManTech International Corporation, Salesforce, HealthJoy, NAPA Auto Parts, TurningPoint Healthcare Solutions, LLC, UBS, Saviynt, BOEING, Volant Associates, LLC, Deloitte, Allscripts, Principal Financial Group, Prudent Technology, HEB, RightDirection Technology Solutions, William Hill US, CORMAC, BluBracket, Concept Solutions, Akeyless, ITR, Wisconsin Physicians Service Ins. 
Corp., Home Depot / THD, Virtusa, Slalom Consulting, Ironclad Technnology Services, Mission Lane, Harvard University, The Hanover Insurance Group, Intradiem Inc, GCI, Innovecture, Palo Alto Networks, Scholastic, Data Theorem, Starkey Hearing Technologies, Mattel, Vidoori inc, Dark Wolf Solutions, Chargebee, Garmin, Ensemble Health Partners, The Coca-Cola Company, Adobe, Cognosante, LLC, US Court Services and Offender Supervision Agency for DC – Agency Wide, Vidoori, ViaSat, Cummins Inc., IT Data Solutions, Stericycle, Tokio Marine HCC, Universal Orlando, Citizens Property Insurance Corporation, DICK’S Sporting Goods, Zipline, Honeywell, Zions Bancorporation, RB Consulting Inc., IBM, Mednax, SBG Technology Solutions, General Dynamics Mission Systems, Inc, Edmunds.com, The Scotts Miracle-Gro Company, Anchore, State Farm, Applied Information Sciences, Guardian Life Insurance Company, Everbridge, Envision, BT, Canonical, Gap Inc., Raft Company Website, JCS Solutions LLC, LUMA Institute LLC, Paradyme Management, NexHealth, FIS Global, Cyprus Credit Union, Alion Science and Technology, Dev Technology Group, Leidos, SRC, Inc., Broad Institute, By Light Professional IT Services LLC, Jacobs, US Deputy Assistant Secretary for Information and Technology, Inteleos Inc, kraken, Iron Mountain, Lenovo, Delta, Geologics Corporation, TD Bank, Applied Insight, UKG (Ultimate Kronos Group), iWorks Corporation, Sterling Computers Corporation, Phoenix Logistics, LLC, mParticle, The MITRE Corporation, Greenbrier Leasing Company LLC, LinQuest, Acuity INC, Guidehouse, Fannie Mae, L3Harris Technologies, Kaiser Permanente, Huntington Ingalls Industries Inc., Accenture, Kimberly-Clark, FanDuel, Cars.com, Wintrio, Chenega MIOS, Miracle Software Systems, Barclays, Cisco Systems, BOK Financial, Indigo, Facebook, NOKIA, DTCC, App Annie, Oasis Systems LLC, Savvas Learning Company, MRE Consulting, Ltd.(CK), U.S. 
Bank, Phillips 66, Kraft Heinz Company, MasterCard, Dovel Technologies, LLC, CSEngineering, Oracle, QBE, InVisionApp, Silotech Group, Inc, Audley Consulting Group, DevTech Systems, Inc., Genesis Consulting Partners, LLC, Ensono, BridgePhase, Raytheon Intelligence & Space, Apriori, Amtrak, Philips, Wipro Limited, Pratt & Whitney, NJ Transit, deciBel Research, Inc., RevaComm, BAE Systems
