Virtual Workshop on Improving the Security of DevOps Practices

Thursday, January 21, 2021

Workshop Overview

During this workshop, we discussed the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. NIST solicited proposed approaches from participating organizations and heard from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence project to demonstrate the practices.

Workshop Recording

Watch the webcast from this event.

Related Materials

- Read about NIST's plans to advance current and emerging secure software development and operations practices.

Post-Workshop Materials

Presentation #1	NIST Introduction and Workshop Overview Kevin Stine – NIST
Presentation #2	Why Frameworks Matter for Modern Software Developers: Rooting DevSecOps Practice in Security Frameworks Aaron Cooper – BSA
Presentation #3	6 Pillars of DevSecOps John Martin – SAFECode
Presentation #4	DevSecOps Pipeline for Complex Software-Intensive Systems: Addressing Cybersecurity Challenges Carol Woody – SEI
Presentation #5	92 years to DevOps: A Motorola Solutions Case Study Adam Lewis – Motorola Solutions
Question Summary	Moderated Q&A Karen Scarfone – Scarfone Cybersecurity
Presentation #6	Lessons Learned and Open Problems Delivering Companywide DevSecOps Solutions at Microsoft Michael Fanning – Microsoft
Presentation #7	How Leaders Set the Stage – Successfully Scaling DevSecOps Tim Anderson – AWS
Presentation #8	Shift-Left Compliance & Security Jim Doran – IBM
Presentation #9	Securing and Protecting DevSecOps with Cloud-Enabled Technologies Lisa Lorenzin – Zscaler
Question Summary	Moderated Q & A Mike Bartock – NIST
Presentation #10	Full Stack DevSecOps John Morello - Palo Alto Networks
Presentation #11	Using Balanced Development Automation to Address Security in a DevOps Environment Ehsan Foroughi - Security Compass
Presentation #12	Journey to DevSecOps James Barr – TechTrend
Presentation #13	Enhancing DevSecOps Capabilities with Observability and Automation Michael Polisky – Splunk
Wrap Up/Next Steps	Moderated Q & A Curt Barker – Dakota Consulting

To receive future updates about this project, send an email to devsecops-nist@nist.gov to join the DevOps Community of Interest.