DevSecOpsness: Adding the Business Dimension to DevOps, by Tanusree McCabe
If you’re doing DevSecOps well, you’re:
✓ Collaborating
✓ Integrating security early and often
✓ Expediting releases
✓ Embracing automation
✓ Improving quality
DevSecOps still doesn’t ensure that you’re adding any value to the business.
Sure, you’re delivering faster. Maybe even cheaper. Maybe even ‘failing fast’. But are you really and truly delivering what your business needs?
Does your Code/Automation/Security Control incorporate business understanding and provide any business value?
Development: Challenge the Requirement
• What benefit is this providing?
• Would the end user really want it this way?
• Does this fit with the business’ strategy?
• Functionality
• Bug fix
• Chore
Operations: Challenge the Process
• What benefit is this providing?
• Is the expectation accurate?
• Is this being done efficiently?
• Continuous Deployment
• Continuous Delivery
• Continuous Monitoring
• Incident Response
Security: Challenge the Risk
• What benefit is this providing?
• Does the solution address the real problem?
• Is the solution based on quantitative analysis?
• Regulation
• Controls
• Assessments
• Monitoring
• How does the requirement/process/control fit into the business’ mission or strategy?
Alignment, alignment, alignment!
• What is the cost of the proposed alternatives and how does that factor into trade-off analysis?
$$$