I had never heard the term DevSecOps, so this article seemed interesting to me. This concept is a fairly new initiative that brings security personnel into the DevOps software development process much earlier than they normally would be. This allows security needs to be respected throughout the software development life cycle. In some software development circles, security is an afterthought. This new technique will hopefully prove to be the best overall solution.
https://www.darkreading.com/risk/devsecops-recreating-cybersecurity-culture–/a/d-id/1335783
Jaimin Pandya says
Good find, Daniel. My company has a pretty big SOC in Maryland and I know that they follow DevSecOps religiously over there. I came to know about this when I talked to one of the hiring managers and he explained to me how they have incorporated this model into the existing operations between the information security team and all the other security teams. From the conversation I had with him, I remember he said something along these lines: “As companies offer customers digital experiences where products and services are increasingly powered by mobile, cloud, and data analytics capabilities, developers, in turn, are moving to development processes that meet the need for greater agility and scale. To keep pace, chief information security officers now need to work with developers much earlier in the production cycle.”
Numneung Koedkietpong says
Thank you for sharing this interesting article. I also had never heard about DevSecOps. As I looked through the article, the 4 tips on how to apply DevSecOps in an organization are very useful. I like tips number 1 and 4, that it is important to clearly define goals and to continuously validate and monitor security logs.