7      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778583 - Achieving Automation of the 'Sec' Processes within a Highly Performant DevSecOps Pipeline

Oct 19, 2021 10:30am ‐ Oct 19, 2021 11:30am

Credits: None available.


DevOps and DevSecOps pipelines are all the rage, and every day there is a seemingly increase in the number of uses of the term DevSecOps. A pure DevSecOps pipeline is ideal, but almost always unrealistic given organization-specific technical or business constraints (i.e., intra-organizational approvals, business cycles and objectives, regulatory approvals). Much like Donald Rumsfeld once said: "You go to war with the army you have, not the army you might want or wish to have at a later time." As leaders of the cybersecurity industry, we need to achieve actionable, high-quality cybersecurity solutions despite organizational imperfections. Automation of the Sec element within DevSecOps requires a delicate balance between speed and security, automation and human awareness, and great and good enough.

Learning Objectives:
  • Define the critical processes and benchmarks involved in various automation approaches to the Sec element of a DevSecOps pipeline.
  • Understand the attributes of a successfully automated (fully automated or man-on-the-loop automated) Sec element of a DevSecOps pipeline, and recognize common attributes of unsuccessful Security automation practices.
  • Appreciate the operational, technical and financial advantages (to cybersecurity staff, projects, organizations, and user communities) of a successfully implemented automated Sec processes within a DevSecOps pipeline.


  • Mr. Andrew Boyle, Director and Distinguished Digital & Cyber Technologist, Booz Allen Hamilton
Tags: Basic


  • 1.00 - CPE

You must be logged in and own this session in order to post comments.