Session Name: “Do you do that, or do I do that?”: How Security and Engineering Can Align For DevSecOps Success
It takes two to tango, and DevSecOps might be the most complicated dance both engineering and security leads have to learn in the next few years. So let’s talk about that, with me in the security corner and my co-speaker Larry Maccherone on the engineering side: How can you make DevSecOps work as a two-part team? With Larry leading DevSecOps transformation at Comcast, and my experience as a CSO at Cobalt and security lead in companies like eBay and Zynga, we can share many practical tips on how to lead the shift left effectively and how to get your teams to join along for the ride. We can speak to: (1) How to integrate feedback into each other’s workflows, (2) How to transition from manual to automated testing, (3) What metrics to track, and (4) How to build successful DevSecOps teams.
Larry Maccherone is an industry-recognized thought leader on DevSecOps, Agile and Analytics. He currently works at Contrast Security, where he focuses on DevSecOps transformations. Prior to that, he led the DevSecOps transformation at Comcast and previously led the insights product line at Rally Software, where he published the largest-ever study correlating development team practices with performance. Before Rally, Maccherone worked at Carnegie Mellon with the Software Engineering Institute (SEI) and CyLab for seven years, conducting research on cybersecurity and software engineering. While there, he co-led the launch of the DHS-funded Build-Security-In initiative. Maccherone has also served as Principal Investigator for the NSA's Code Assessment Methodology Project, sat on the Advisory Board for IARPA's STONESOUP program, and served as the Department of Energy's Los Alamos National Labs Fellow.