How DevOps Becomes DevOpsSec - Chris Raethke, Bugcrowd Webinar

Explore how DevOps evolves into DevOpsSec in this informative webinar featuring Chris Raethke, CTO of Bugcrowd. Discover the importance of integrating security into the development process, learn about the challenges and opportunities presented by cloud computing and BYOD, and understand why moving security closer to code and data is crucial. Gain insights on implementing peer code reviews, decreasing friction between development and security teams, and protecting staff from phishing attacks. Learn strategies for accelerating security ROI, including reproducible server configurations and simulated security incidents. Understand the value of crowd-sourcing in augmenting your team's capabilities and why addressing security concerns early in the development process is essential for modern organizations.

Intro
bugcrowd
why are we here?
Fast forward to 2015 CLOUD / SAAS MOBILE / BYOD
Move security as close as possible to the code and the data
DevOps as a double edged sword
DevOps rapid changes moar bugs/vulns faster
start simple, take small steps easy wins
developers have to care about their code
Code is the team's baby At least Peer Code Reviews
code style/quality reviews
everyone has to care about process
Decreasing friction between Dev and Sec
500 devs != 5 security engs
protect sales/marketing and admin staff from phishing
because.. people are the new automation
Lotsa bugs, best dev training
which types of issues, in which parts, of which applications
Accelerate Security ROI
reproduceable & testable production server configurations
deliberate small "simulated" fires
The best indicator of the next bug is the last bug.
+ Small steps mean easy wins * Developers have to care about code * Security is a process, not a product Don't wait for a fire to hire fire fighters * Crowd sourcing can augment your team