RSAC 2018 kicked off today with DevOps Connect: DevSecOps Day @ RSAC 2018. This full-day event featured speakers from security vendors, security practitioners and development teams. It was interesting to compare the perspectives of the security and development teams when it comes to software security. What was even more interesting was how similar their perspectives are, and to see them presenting on similar topics. In the security industry it is often said that developers don’t care about security. We see evidence that developers do care about security. These sessions proved that security is an issue developers take seriously.
If there was a common thread amongst all the presentations today, it was that secure development is an essential part of security and that developers are starting to think of secure code and quality code as linked concepts. This theme, or variations of it, was echoed throughout today’s presentations, demonstrating the shift we are seeing in the market.
During one particular presentation, a speaker, J. Wolfgang Goerlich, VP for Strategic Security Programs at CBI, discussed how to design and implement a DevSecOps program in 90 days. One point that stuck with me is that security professionals need to be more in touch with what developers are thinking. One way we advocate doing so is by creating developer champions in your security team. Much like security champions on a development team, a developer champion would better understand the goals, objectives and challenges developers face. Goerlich suggested researching future security issues by going to development conferences. There you will hear about the development trends of today that will become the security concerns of the next 3 to 5 years.
Some other tips Goerlich provided for creating a DevSecOps program in 90 days include:
Software security is an essential part of securing the Modern Software Factory that fuels our digital economy. DevSecOps is the way in which we will create more secure code. By integrating software security practices into the DevOps processes already being adopted by development teams, companies will start thinking about security as another element of quality. As a result, we will have a more secure society. Just two years ago I came to RSAC and there was a DevOps day that touched on the importance of security. It was really exciting to see the summit evolve to be DevSecOps and have a stronger focus on security. I look forward to seeing if the rest of the conference is as focused on secure development.