AppSec Behaviors for DevOps Breed Security Culture Change - Chris Romeo Converge 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

AppSec Behaviors for DevOps Breed Security Culture Change
Chris Romeo
@edgeroute

DevOps and application security are all the rage, but how do you transform a DevOps team into an army of security people? Enter the idea of application security behaviors. A behavior is "the way a person acts". Behavior beats process, because behavior is how we respond to a situation versus how we should respond. Appsec behaviors focus on the lightest touch points while still having security impact, and are the foundation of true security culture change for DevOps. The five core application security behaviors are threat modeling, security tool automation, code review, red teaming, and response. In this talk, we dive deep into each behavior, and explain how these behaviors generate more secure products and how to embed the behaviors into the DevOps team.

Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring security belt programs to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Security Advocates, empowering engineers to "build security in" to all products at Cisco. He led the creation of Cisco’s internal, end-to-end security belt program launched in 2012. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP.

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast