DevSecOps aims to define success, assign responsibilities and milestones, discover the code pipeline by treating code as infrastructure and implementing quality control, inventory security tools by understanding what is owned and the costs, assess gaps by picking frameworks and balancing controls with complexity, and iterate quickly by continuously improving and focusing on platforms over individual tools. The presentation outlines steps for organizations to implement DevSecOps practices by defining objectives, understanding code movement, taking inventory of security tools, assessing gaps, and iterating processes.

1. DevSecOps
Outline
Outline of steps for having
DevSecOps in an organization

2. I Define the future
What does
success looks like
01
Who is responsible
for what
02
What are key
milestones along
the way
03

3. II Discover Code Movement
Know the code
pipeline
01
Treat Code as app
infrastructure
02
Have Quality
control for risk
reduction
03

4. III Inventory for Security Tools
Know what you own
01
Know why it was
purchased/procured
02
Find out the total
cost of
ownership(TCO)
03

5. IV.
Asses
Gaps
Pick a framework if you don’t have
Prepare for control gaps and
overlaps
Having less security tools lessens
complexity but balance
accordingly

6. V. Iterate Quickly
Iteration
Never ends
Be ready for
changes in
every iteration
Acquire
platform not
tools

7. End of presentation
Thanks