Session: Beating The 1:100 Odds - Team Design for Security
The ratio of developers to security is 1:100 or worse, according to multiple surveys. DevSecOps has raised the profile of security in IT but we still see a regular stream of serious data breaches exposing large security gaps in many organizations.
You might have heard a lot about shift left security, automated security testing in the delivery pipeline, container image scanning, and so on. These are all valuable techniques but… are we forgetting the power of collaboration, facilitation, and shared responsibilities?
By re-thinking our team structures and how they interact with security teams we can find effective, team-oriented ways to beat the negative effects of that 1:100 ratio. This is what we did with DevOps, right? The DevOps topologies catalog compared and contrast different team organization models to enable sharing of knowledge and responsibilities between dev and ops.
We need to do the same for DevSecOps and in this talk I will present two approaches to bridge this painful security gap:
-Fully shared security responsibility
-Security as an enabling team
Manuel Pais is an independent consultant, focused on team design, practices and flow. He helps organizations define and adopt DevOps from technical and human perspectives via strategic assessments, practical workshops and coaching.
Manuel is co-author of the book "Team Topologies: Organizing Business and Technology Teams for Fast Flow" (IT Revolution Press, 2019). Also InfoQ lead editor. Answers by @manupaisable on Twitter and Medium.