Myth Busting in DevSecOps

Larry Maccherone leads the DevSecOps efforts at Comcast. In this episode of DevSecOps: The Good, The Bad, and The Ugly, he busts some common DevSecOps myths and shares more about his own DevSecOps journey.

To start, Larry admits he has a “love/hate” relationship with the word “DevSecOps”. If you’re doing it right, of course security is included! He defines DevSecOps as a method that “empowers engineering teams to take ownership of their product all the way to production, including security.”

Bust Several DevSecOps Myths with Three Steps to Cultural Transformation

Larry discusses several myths in the video below. He also outlines the three parts that are necessary for cultural transformation:

1. Win the hearts and minds of development teams by actively building and reinforcing interpersonal trust.

2. Introduce a gradual on-ramp of “to-dos” by identifying top priorities and outlining obvious next steps. (Remember: “obvious next step” may be subjective, so be sure to discuss it.)

3. Secure executive sponsorship. No one “DevSecOps” alone!

Larry always has good things to teach. For example, he classifies “pixie dust security” as an epic failure. Read more from Larry in the Epic Failures, Volume 2 book.

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Zack Conord. Read the original post at: https://blog.sonatype.com/myth-busting-in-devsecops