What I Learned from DevSecOps Leaders in a High Tech World

Last week, we hosted our second virtual DevSecOps Leadership Series, focusing on DevSecOps in a High Tech World. With over 300 attendees, the afternoon featured an opening keynote from FISERV followed by two panel discussions with leaders from Sirius XM, NBC Universal, OneTrust, Estée Lauder, PointClickCare, and Micro Focus, all moderated by Michelle Dufty, SVP of Marketing here at Sonatype. Throughout the event, these leaders shared their experiences in DevSecOps and how they were specifically able to add value to their organizations through its adoption. 


Delivering Value, Driving Innovation and Averting Risk at the Speed of DevOps

This panel featured Ramesh Regulapati, Director, Telematics and DevOps, Sirius XM, Michael Warthen, Director, Software Development, NBC Universal, and Steve Finch, Head of Architecture and Cloud Ops, OneTrust. 

Michelle began by asking the panelists, “What’s the state of your DevSecOps practice and how do your organizations manage vulnerabilities?” Ramesh, a more recent DevSecOps adopter, mentioned that his team had previously been working through vulnerabilities manually. However, they recognized that manual effort could not scale and that they needed to implement automation and shift security left.

For Michael at NBCUniversal, it was also about looking for opportunities to shift left in the SDLC. He believes that while many bad actors exist, there are more good actors, and those developers need to feel empowered by the tools they use and the DevSecOps processes they adopt. Ultimately, they’ve found that shifting security left and adjusting specific policies has allowed developers to release builds cheaper and faster without time-consuming rebuilds.

At OneTrust, Steve Finch explained that “process without control is like a speed limit without a policeman” in that no one follows it without a consequence. He agreed that developers want to do the right thing but they get frustrated if (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Sara Budsock.