1.
DevSecOps
A.R.M. NIZZAD
CTO | SENIOR LECTURER | RESEARCHER | SOFTWARE ENGINEER | DIGITAL MEDIA
STRATEGIST | TECHNICAL W RITER | FREELANCER

2.
Outline
DevOps DevSecOps Characteristics Practices
Benefits Implementation Challenges

3.
DevOps
DevOps is a set of practices that works to automate and
integrate the processes between software development and IT
teams, so they can build, test, and release software faster and
more reliably

4.
DevSecOps
DevSecOps is a further development
of the DevOps concept that, besides
automation, addresses the issues of
code quality and reliability assurance.

5.
DevSecOps Characteristics
DevOps Culture Automation Measurement Sharing

6.
DevSecOps Practices
• Threat modeling and risk assessments
• Continuous testing
• Monitoring and logging
• Security as code
• Red-Team and security drills

7.
Benefits of
Implementing
DevSecOpsSHIFTING SECURITY
TO THE LEFT
AUTOMATING
SECURITY
VALUE

8.
Implementing DevSecOps
Different Security implementation models have been proposed by
researchers and experts in the field of Security with respect to
DevSecOps.
• Three pillars of a DevSecOps model
• OWASP DevSecOps Maturity Model
• Deloitte’s transformational pillars in DevSecOps

9.
Three pillars of a DevSecOps model
• Test-driven security
• Monitoring and responding to attacks
• Assessing risks and maturing security

10.
OWASP DevSecOps Maturity Model
LEVEL 1: BASIC
UNDERSTANDING OF
SECURITY PRACTICES
LEVEL 2: ADOPTION OF
BASIC SECURITY PRACTICES
LEVEL 3: HIGH ADOPTION
OF SECURITY PRACTICES
LEVEL 4: ADVANCED
DEPLOYMENT OF SECURITY
PRACTICES AT SCALE

11.
Deloitte’s transformational pillars in
DevSecOps
Governance
People
Technology
Process

12.
Challenges in
implementing
DevSecOpsKEEPING UP WITH
DEVOPS
ORGANIZATIONAL
CHALLENGES
TOOLS AND
PRACTICES

13.
DevOps is not a Goal, But a never-ending process of continual Improvement
Thank you