In many traditional enterprises, I have observed that security is regarded as the responsibility of the CISO/security office. They roll out new tools, and new policies, and adopt new frameworks. While that is good, and required, most such security initiatives fail at scale, when trying to be adopted by hundreds of teams across an enterprise. In today's world, the key to your enterprise is in the hands of the developers. No security DevOps is not a product you can buy and set. It is not a process or framework you choose to follow up. Building microservice applications neither means you are doing DevOps. You can’t be DevOps and traditional; there’s no cherry-picking, requires a change in the whole organization's CULTURE. The culture of an organization is the way in which things are done, and the behaviors, values, and practices that have been developed and reinforced over time. Culture has a big impact on the way things are done inside an organization and is the more important factor in innovation levels and the improvement of products and processes. In this talk, we will see what are the most critical factors when an organization tries to change its culture, which is common issues, why some organizations or persons refuse to accept the change... and how to work with them.
I'm a programmer, but my time dedicated to programming tends to 0 ... at both ends. Now I help as far as I can to make the projects go as well as possible. I like Agile because I think it's the way to do things that best suits the noble art of turning ideas into software.