Generally, in the healthcare world, DevSecOps is a loaded term because it includes many topics. There is a common misconception that DevSecOps is just a integration of automatized security testing tools, which can often lead to realization roadblocks. This presentation will focus on the steps one can take to avoid the perils and pitfalls encountered when integrating a security program within the processes of the software development teams who are transiting to an automated CI/CD pipeline.
As part of the Vulnerability and IT Asset Management team, Jason Martin is responsible for governing and prioritizing secure software development and has been a key contributor in shaping the DevSecOps program. Jason is a manager within the Information Security and Risk Management department at Highmark Health, one of the largest integrated financing and healthcare delivery systems in the United States.