View Storyboard

Contributors
- Don Davidson CISSP, CISM, CCSP, Enterprise Security Architect, London Life Insurance Company
- Kevin McGregor MSc, CITA-A, TOGAF, Systems Architect, London Life Insurance Company
- Md Waliullah MSc, CCNA, ITIL, Information Security Analyst, Pollard Banknote Limited
- 2 anonymous contributors
Your Challenge
- Your organization is starting its DevOps journey and is looking to you for guidance on how to ensure that the outcomes are secure.
- Or, your organization may have already embraced DevOps but left the security team behind. Now you need to play catch-up.
Our Advice
Critical Insight
- Shift security left. Identify opportunities to embed security earlier in the development pipeline.
- Start with minimum viable security. Use agile methodologies to further your goals of secure DevOps.
- Treat “No” as a finite resource. The role of security must transition from that of naysayer to a partner in finding the way to “Yes.”
Impact and Result
- Leverage the CLAIM (Culture, Learning, Automation, Integration, Measurement) Framework to identify opportunities to close the gaps.
- Collaborate to find new ways to shift security left so that it becomes part of development rather than an afterthought.
- Start with creating minimum viable security by developing a DevSecOps implementation strategy that focuses initially on quick wins.
Guided Implementations
This guided implementation is a six call advisory process.
Guided Implementation #1 - Identify opportunities
Call #1 - Review current DevOps environment.
Call #2 - Identify stakeholders.
Call #3 - Brainstorm opportunities.
Guided Implementation #2 - Develop strategy
Call #1 - Assess constraints and benefits.
Call #2 - Prioritize opportunities.
Call #3 - Finalize plan.
After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.