Session Name: The Implementation and Practice of DevSecOps
In this presentation, we will share our DevSecOps implementation experience and the DevSecOps model we established to promote DevSecOps across development teams. In addition, we will demonstrate three different ways to provide cyber security training to help development teams gradually grow their knowledge to be able to fix the vulnerability discovered by DevSecOps tools. Finally, we build up a DevSecOps maturity model to measure the level of development teams’ DevSecOps ability. Based on the maturity level, the cyber security assessment will be simplified to benefit the development team (speed up the delivery). This presentation is for the people who have interest in DevOps transformation and how to integrate/left shift cyber security during DevOps process.
Jihai graduated from Imperial College London with a PhD. He has worked in different global large banks, such as RBS, UBS, Barclays and HSBC. Since 2012, he has worked on DevOps as the DevOps Lead/Champion in Barclays bank in the UK. Jihai has a lot of experience in DevOps, especially in the financial industry. His experience covers implementing DevOps at the team level, leading the Technology transformation and managing DevOps teams at departmental level, running DevOps Community and defining DevOps standard at the banking level. In 2016, he joined HSBC headquarters as the DevOps Champion and was transferred to HSBC Technology China in March 2018 to lead DevOps for 1500+ HSBC Technology development employees. As one of his DevOps strategies, he started to engage with Cyber security department on DevSecOps and lead the DevSecOps program in China as well as driving DevSecOps culture across development teams in HSBC Technology China.