A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail - Chris Reed BSides Indy 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail
Chris Reed
@chrreed
BSides Indy 2018

Security is often implemented through bolt-on assessments including periodic testing that only happens once in a release or even annually. Manual security processes can no longer keep up in today's fast paced world of agile development, devops and constant vulnerabilities. DevSecOps, or Security as Code, is an approach that allows security staff to multiply resources and increase agility and speed. Executed properly it also provides the audit trail necessary to demonstrate control even in the most rigorous regulatory environments. This session will explore this approach in the context of regulated medical device software. We'll explore the integration of Software Composition Analysis (3rd Party Open Source Libraries), Static Source Code Analysis, Dynamic Testing along with automated verification leveraged to reduce the risk of security failures in development and post-market/production operations.

Chris Reed leads the Cybersecurity Program for digital products at Eli Lilly and Company. He has been an information security practitioner for over 15 years including roles designing corporate security protection/detection/response systems, managing security operations, applying security architecture at enterprise scale, leading vendor assessments, leading pen testing and developing security standards and policy. Currently he is focused on establishing the Product Cybersecurity Program including formalizing cybersecurity risk management to ensure adequate cybersecurity controls are designed into medical devices as well as establishing the necessary post-market practices of vulnerability management and incident response for Eli Lilly and Company.

Back to BSides Indy 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast