In a DevOps world, we talk about "continuous everything". This means continuous risk management, continuous compliance, continuous security, continuous integration, continuous deployment, and so on. In this context, I will demonstrate how to construct a continuous risk artifact fabric from the generation of security policies to software development execution. I will show how this can be used to provide risk insights to various business/technical stakeholders across an Enterprise DevOps pipeline.
When: Tuesday, October 6th, 2020
Where: PCI SSC 2020 North America Community Meeting
What: Building a Continuous Risk Assessment Pipeline in DevOps
Who: Altaz Valani
Mr. Valani is Director of Insights Research at Security Compass. Prior to joining Security Compass, he was a Senior Research Director and Executive Advisor at Info-Tech Research Group. Mr. Valani is part of several industry groups, including SAFECode’s Technical Leadership Council, The Open Group (as Vice Chair for the Security Forum), and the CIO Strategy Council, and he sits on several IEEE Working Groups where DevSecOps and Privacy challenges are being tabled at the international standards level.