If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application security has historically be done somewhere else, by someone else, who is slow.
Go faster. Shift left. Remove complexity. Reduce rework. All mantras of DevOps practices. And while DevOps practices have changed dramatically in recent years, many experts will tell you that application security has not changed enough.
In this installment of the DevOps Leadership Series, you will hear Chris Corriere (DevOps Engineer, Autotrader) and Mitchell Ashley (VP Information Technology, CableLabs) share perspectives the state of DevOps and security.
First, listen to Chris’ perspective that security can move at DevOps speed, as long as you take a diversified approach:
Then hear from Mitchell as he remarks on the evolution of security from a validation role (at the right) to an integrated, ingrained role that has shifted left: