In many organizations DevSecOps isn't working: it has been used to add more control over developers and to put roadblocks in the way of delivering applications. Across the board, there has been a negative impact on the CI/CD pipeline, resulting in longer cycle times, and worst of all, the systems aren't getting more secure. We know this because the breaches keep coming. DevSecOps needs to find a new way. This talk explores what is missing in most organizations, the intersection points between developers and security, and what to do about it. We'll discuss how composition and context work together, how to improve CI/CD pipeline issues, how to reduce the time to discover security issues, and how to foster collaboration between groups. Developers and security engineers alike will find this session useful as they find ways to work together, along with tools, tips, and examples to overcome common obstacles.
James is the CEO and Co-Founder of DryRun Security, a devtool company that uses a first-of-its-kind Contextual Security Analysis to help developers create more secure software while writing and delivering applications and APIs. He is a dynamic speaker on software engineering topics ranging from security to development practices, and he has spent a lot of time at the intersection of the DevOps and Security communities. As an author, he created several courses on DevOps and DevSecOps at LinkedIn Learning. James is the creator of LASCON (Lonestar Application Security Conference), the most-fun AppSec conference in Texas. He also ran DevOps Days Austin for over ten years. He previously served on the global DevOps Days board.