Thursday, January 21, 2021
Workshop Overview
During this workshop, we discussed the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. NIST solicited proposed approaches from participating organizations and heard from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence project to demonstrate the practices.
Workshop Recording
Watch the webcast from this event.
Related Materials
Post-Workshop Materials
NIST Introduction and Workshop Overview Kevin Stine – NIST |
|
Why Frameworks Matter for Modern Software Developers: Rooting DevSecOps Practice in Security Frameworks Aaron Cooper – BSA |
|
6 Pillars of DevSecOps John Martin – SAFECode |
|
DevSecOps Pipeline for Complex Software-Intensive Systems: Addressing Cybersecurity Challenges Carol Woody – SEI |
|
92 years to DevOps: A Motorola Solutions Case Study Adam Lewis – Motorola Solutions |
|
Question Summary |
Moderated Q&A Karen Scarfone – Scarfone Cybersecurity |
Lessons Learned and Open Problems Delivering Companywide DevSecOps Solutions at Microsoft Michael Fanning – Microsoft |
|
How Leaders Set the Stage – Successfully Scaling DevSecOps Tim Anderson – AWS |
|
Shift-Left Compliance & Security Jim Doran – IBM |
|
Securing and Protecting DevSecOps with Cloud-Enabled Technologies Lisa Lorenzin – Zscaler |
|
Question Summary |
Moderated Q & A Mike Bartock – NIST |
Full Stack DevSecOps John Morello - Palo Alto Networks |
|
Using Balanced Development Automation to Address Security in a DevOps Environment Ehsan Foroughi - Security Compass |
|
Journey to DevSecOps James Barr – TechTrend |
|
Enhancing DevSecOps Capabilities with Observability and Automation Michael Polisky – Splunk |
|
Wrap Up/Next Steps |
Moderated Q & A Curt Barker – Dakota Consulting |
To receive future updates about this project, send an email to devsecops-nist@nist.gov to join the DevOps Community of Interest.