The Ops Side of DevSecOps w/ Damon Edwards
The OWASP Podcast Series - A podcast by The OWASP Podcast Series
Categories:
When Shannon Lietz and the team at DevSecOps.org published the DevSecOps Manifesto six years ago, security was uppermost in their minds. The manifesto starts with a call to arms… “Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction. We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.” The effect of the DevSecOps movement was not understood by many, other than the handful of practitioners who understood what the team was going after: security is the responsibility of everyone, not just the security team. Security deserves a seat at the DevOps table. Fast forward six years, and security is now not just at the table, but sitting at the head of the table, leading the way. During this transition to focus on security, operations has become the short leg on a three legged stool. What was original a two team party, Dev and Ops, became a threesome, gradually ignoring operations as Developers and Security built a strong relationship. Damon Edwards has been my go-to person when I want to talk to someone about how operations continues to be relevant as the third part of DevSecOps. I caught up with Damon a couple weeks back to talk with him about how the transition to enterprise automation is going in the industry, what has been happening in the past year with the COVID lockdown, and what he’s looking forward to in 2021. I started the conversation, asking how he perceives his role in the DevSecOps Community. ---------- This broadcast is supported by OWASP, the Open Web Application Security Project, host of “Call to Battle” a series of events for gamers, challenge champs, and fun-nerds. Get more information at owasp.org/events… and by JupiterOne.com featuring solutions that help you “Know more. Fear less” by mapping your cyber assets and knowing the relationships between those assets.