The document discusses the concept of DevSecOps, which integrates security practices within DevOps processes to enhance code delivery while ensuring security. It outlines the benefits, such as cost reduction and operational efficiency, alongside the challenges faced in scaling DevSecOps including cultural issues and automation hurdles. The document concludes with a five-step approach to implement and drive DevSecOps within organizations.

1. Company Confidential & Proprietary 1
The Challenges of
Scaling DevSecOps
Shiri Arad Ivtsan, Senior Product Manager

2. Company Confidential & Proprietary
The Agenda
2
▪ What is DevSecOps
▪ The Benefits
▪ What’s Holding us Back
▪ 5 Steps to Scaling DevSecOps

3. Company Confidential & Proprietary
The DevSecOps Approach
3

4. Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Integrate the security aspects and practices with the DevOps
processes
▪ Use agile methodologies to deliver small, secure pieces of code in
frequent releases
▪ Automate the security processes whenever possible
▪ The best response to the bottleneck effect of older security models
on the modern continuous delivery pipeline
4
DevSecOps: The DevOps & Security Culture

5. Company Confidential & Proprietary
The Common Way of Handling Security Vulnerabilities
Security teams
analyze and
prioritize
vulnerabilities
Sending emails or
opening
issues/tickets
Closing the loop
on resolution is
hard

6. Company Confidential & Proprietary
Company Confidential & Proprietary 6
6
The Benefits of DevSecOps

7. Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Cost Reduction
▪ Speed of delivery
▪ ‘Secure by design’
▪ Open discussion
7
The Business Benefits of DevSecOps

8. Company Confidential & Proprietary 8
The Operational Benefits of DevSecOps
▪ Versions are up-to-date
▪ Nearly “zero” re-work
▪ Early identification of vulnerabilities in code
▪ Enables a culture of constant iterative improvements

9. Company Confidential & Proprietary 9
What’s Holding us Back?
The Challenges in DevSecOps

10. Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Cultural and communication challenges
▪ Scaling is not easy
▪ Moving to the cloud
▪ Automation
10
The Security Challenges

11. Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Security awareness
▪ Familiarity with security tools
▪ Implementation into lifecycle
▪ Mindset
▪ Resolution and remediation
11
The Developer’s Challenges

12. Company Confidential & Proprietary 12
Start Driving DevSecOps in
Your Organization
The 5-steps Method

13. Company Confidential & ProprietaryCompany Confidential & Proprietary 13
Step 1: Know Your Goal
Baking Security Into
Existing Workflows

14. Company Confidential & ProprietaryCompany Confidential & Proprietary 14
Step 2: Identify the Processes

15. Company Confidential & ProprietaryCompany Confidential & Proprietary 15
Step 3: Determine Where to Automate
Build
Test
Detect
Issues
Remediate
Monitor

16. Company Confidential & ProprietaryCompany Confidential & Proprietary 16
Step 4: Shift Left Detection and Remediation

17. Company Confidential & ProprietaryCompany Confidential & Proprietary 17
Step 5: Improve, Continuously
▪ Continuous Integration
▪ Continuous Delivery
▪ Continuous Deployment
▪ Continuous Testing
▪ Continuous Improvement

18. Company Confidential & Proprietary
Company Confidential & Proprietary 18
18
Q & A

19. Company Confidential & Proprietary
Thank You!
19