Pentesters are tired of breaking things, writing a report, and walking away. Security teams are caught in a backlog that prevents them from ever staying ahead. Developers curse security for slowing them down. How can we address these seemingly incompatible and insurmountable issues in an organization, especially at scale?
The answer to this may be found in DevOps Security, which has been gaining momentum in large organizations that need to move fast and ensure a high level of security across their applications and operations. It is a practice that attempts to address all of these issues through two core principles: automation and education.
Our Senior Security Researcher, Aaron Hnatiw, recently spoke at ToorCon 19 about these issues. Using experience gained from working with several large Fortune 500 companies, his talk covered the basics of DevOps Security, and dove into specific tools and processes that organizations of any size can implement to immediately improve their speed of delivery while maintaining a strong and measurable security baseline.
Watch the video and follow along with the slides below.
Follow Aaron on Twitter @insp3ctre