0      0

(ISC)2 Security Congress 2022

2126879 - Avoid Being the Middle Child - Ensuring Sec gets the Attention and Resources in DevSecOps

Oct 11, 2022 1:35pm ‐ Oct 11, 2022 2:35pm


DevOps has necessarily matured into DevSecOps, but there is a significant focus disparity with the Sec element. As the ‘middle child’ Sec is often over-looked and under-resourced. DevSecOps is a holistic approach and only achieves full performance potential when all elements are working in harmony- this can only be achieved if the elements are generally in balance. Typically, attention and resources are only reactively provided to the Sec element and are withdrawn after the issue passes. There are processes and techniques that have been proven to raise the Sec element awareness and result in long-term stable attention and resources, resulting in the Sec element being able to make greater and broader impacts, and in improved overall DevSecOps team efficiency.

Learning Objectives:
  • Understand how to evaluate whether your organization properly and equally resources Dev, Sec, and Ops elements
  • Recognize the processes and procedures that have been proven to help achieve balance between the elements and how they can be tailored and deployed within different organization types
  • Appreciate the quantifiable operational, technical, and programmatic factors that empower cybersecurity to maintain a consistent and sufficient cybersecurity posture and broad DevSecOps efficiency


  • Mr. Andrew Boyle, CISSP, CEH, PMP, PMI-ACP, SAFe SPC/SA, PRINCE2, AWS-SAA, FinOps CP, NN/g UXC, Director and Distinguished Digital & Cyber Technologist, Booz Allen Hamilton

You must be logged in and own this session in order to post comments.