Virtual Workshop on Improving the Security of DevOps Practices

Thursday, January 21, 2021

Workshop Overview

During this workshop, we discussed the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. NIST solicited proposed approaches from participating organizations and heard from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence project to demonstrate the practices.

Workshop Recording

Watch the webcast from this event. 


Related Materials

- Read about NIST's plans to advance current and emerging secure software development and operations practices


Post-Workshop Materials

Presentation #1

NIST Introduction and Workshop Overview

Kevin Stine – NIST

Presentation #2

Why Frameworks Matter for Modern Software Developers: Rooting DevSecOps Practice in Security Frameworks

Aaron Cooper – BSA

Presentation #3

6 Pillars of DevSecOps 

John Martin – SAFECode

Presentation #4

DevSecOps Pipeline for Complex Software-Intensive Systems: Addressing Cybersecurity Challenges

Carol Woody – SEI

Presentation #5

92 years to DevOps: A Motorola Solutions Case Study

Adam Lewis – Motorola Solutions

Question Summary

Moderated Q&A

Karen Scarfone – Scarfone Cybersecurity

Presentation #6

Lessons Learned and Open Problems Delivering Companywide DevSecOps Solutions at Microsoft

Michael Fanning – Microsoft

Presentation #7

How Leaders Set the Stage – Successfully Scaling DevSecOps

Tim Anderson – AWS

Presentation #8

Shift-Left Compliance & Security

Jim  Doran – IBM

Presentation #9

Securing and Protecting DevSecOps with Cloud-Enabled Technologies

Lisa Lorenzin – Zscaler

Question Summary

Moderated Q & A

Mike Bartock – NIST

Presentation #10

Full Stack DevSecOps

John Morello - Palo Alto Networks

Presentation #11

Using Balanced Development Automation to Address Security in a DevOps Environment

Ehsan Foroughi - Security Compass

Presentation #12

Journey to DevSecOps

James Barr – TechTrend

Presentation #13

Enhancing DevSecOps Capabilities with Observability and Automation

Michael Polisky – Splunk

Wrap Up/Next Steps

Moderated Q & A

Curt Barker – Dakota Consulting

To receive future updates about this project, send an email to to join the DevOps Community of Interest.