Session Name: Achieving Alignment of Software Security and Business Objectives via DevOps
In the realm of software security, the conversation has evolved from a project-centric focus to a program-level perspective that aligns with broader business objectives. While the ideal outcome of this shift is the seamless integration of security practices into business success, the transition from project-level to program-level thinking presents numerous challenges. Traditionally, discussions surrounding software security primarily revolved around project-specific measures such as code scanning, penetration testing, and reactive incident response. However, with the recognition that security should be closely tied to organizational risk, solution architecture, and overall business goals, a paradigm shift has occurred. In this session, we will explore the journey towards achieving alignment between software teams and business objectives at the program level. We will delve into the complexities and hurdles that arise during this transition, and discuss strategies for overcoming them. Attendees will gain insights into the benefits and challenges of this shift, and learn practical approaches for integrating security practices into program-level decision-making.
Hasan Yasar is the Technical Director of the Continuous Deployment of Capability group at the Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate and assure Transformation at the speed of relevance by leveraging DevSecOps, Agile, Lean AI/ML and other emerging technologies to create a Smart Software Platform/Pipeline. Hasan has more than 25 years’ experience as a senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He is also an Adjunct Faculty member at CMU Heinz College and the Institute of Software Research, where he currently teaches “Software and Security” and “DevOps: Engineering for Deployment and Operations.”