Automating security compliance too often focuses on patches and vulnerabilities. Highly regulated industries, governed by frameworks like NIST, HIPAA and PCI-DSS, demand more than just static, dynamic and runtime tools. Regulations demand knowing your users, measuring training and managing disaster recovery, but automation lags here. This talk discusses integrating requirements and automating non-vulnerability standards. Using unified mark-up language integrates requirements, and common tools can link users, integrate contingency plans, and expedite compliance to increase value.
Dr. Mark Peters works for Technica Corporation as Lead Information Assurance/Security Engineer on a US Air Force cyber weapon system program in San Antonio, TX, emphasizing DevOps during an Agile transition. During a full US Air Force intelligence career, he worked with various units to integrate and automate intelligence with operational delivery. A cybersecurity expert, he holds multiple industry certifications including a CISSP. He is the author of the book "Cashing in on Cyberpower", which analyzes 10 years of cyber-attacks from an economic perspective. In his spare time, he reads, thinks, writes, and then speaks, and he is also a Judo black belt. A DevOps Institute ambassador, he enjoys working with individuals to implement DevSecOps. He remains excited by the potential to incorporate DevOps across multiple industries.