Continuous: If you have been around DevOps for any length of time, then you have heard this term, as in Continuous Integration, Continuous Build, Continuous Deployment, Continuous Delivery, Continuous Testing and Continuous Planning, among others. Now we are living in a time when personal and data privacy matters more than ever, and so one "Continuous" is rising to the forefront: Continuous Security.
But what really IS Continuous Security? Is it simply a notion of running scans and tests as part of a pipeline and reporting vulnerabilities? We think it is much more than that. For years organizations have been good at validating that applications perform the way they are intended to and do what they are supposed to do so that they can be relied upon. But today it is not enough for applications to just be functional - they must be trustworthy. Add in ever-growing regulations like GDPR, NYDFS, and CCPA and you'll find that if they are not trustworthy, you could face serious penalties or even charges. But how do you achieve and maintain trust? Security has to be of constant paramount importance. Which means it's time for Security to be continuous too.
We will start with a brief look at the current thinking around DevSecOps and how it traditionally focuses just on adding security practices to pipelines. This is a great thing, but it is not enough.
We will then outline our view on Continuous Security and cover 6 key capabilities that we believe are paramount, illustrating key facts and ways to know if you are doing them well.
Finally, we will outline how these work together.
Rob is currently an Application Security Sales Evangelist for HCL. Rob joined HCL recently as part of an acquisition from IBM. Prior to this role, Rob was with IBM for 14 years, most recently as Worldwide Application Security Evangelist. In addition to this role, Rob held several other roles in IBM ranging from Rational Field Services to Worldwide Sales Enablement lead for the Management and Platform Segment offerings in IBM Cloud. Rob has worked with clients all over the world to help address their challenges in ways that bring a positive impact to the business bottom line. Rob has spoken at numerous IBM events and conferences, including ones like THINK, InterConnect, DeveloperConnect, IBM Top Guns and many customer roundtable events. In addition, with IBM he has held roles in software services, technical sales enablement and on Tiger teams. Prior to IBM, Rob spent 13 years with 5 different companies working as a configuration management specialist with an emphasis on Rational tooling. Rob graduated from the University of Southern California with a degree in Aerospace Engineering, and is an avid fan of college football. When not at work, Rob enjoys spending time with his family, serving with his church, running and cycling. You can connect with Rob via Facebook, LinkedIn and Instagram, but the best way is by joining the “Robservatory” on Twitter using the handle @Robservatory.