- Don Davidson CISSP, CISM, CCSP, Enterprise Security Architect, London Life Insurance Company
- Kevin McGregor MSc, CITA-A, TOGAF, Systems Architect, London Life Insurance Company
- Md Waliullah MSc, CCNA, ITIL, Information Security Analyst, Pollard Banknote Limited
- 2 anonymous contributors
- Your organization is starting its DevOps journey and is looking to you for guidance on how to ensure that the outcomes are secure.
- Or, your organization may have already embraced DevOps but left the security team behind. Now you need to play catch-up.
- Shift security left. Identify opportunities to embed security earlier in the development pipeline.
- Start with minimum viable security. Use agile methodologies to further your goals of secure DevOps.
- Treat “No” as a finite resource. The role of security must transition from that of naysayer to a partner in finding the way to “Yes.”
Impact and Result
- Leverage the CLAIM (Culture, Learning, Automation, Integration, Measurement) Framework to identify opportunities to close the gaps.
- Collaborate to find new ways to shift security left so that it becomes part of development rather than an afterthought.
- Start with creating minimum viable security by developing a DevSecOps implementation strategy that focuses initially on quick wins.
This guided implementation is a six-call advisory process.
Guided Implementation #1 - Identify opportunities
Call #1 - Review current DevOps environment.
Call #2 - Identify stakeholders.
Call #3 - Brainstorm opportunities.
Guided Implementation #2 - Develop strategy