DevSecOps: The Final Frontier?

Thursday 03/11/21 from 10:00 am - 10:30 am We have started shifting from the waterfall project planning to more agile organization of our software development practices during the past two decades. Utilizing Scrum, Kanban, and Lean practices, we are now better prepared for the unknown and can faster react to the changing requirements, product plans, and team rotation. But it seems that the security requirements for the software we are producing are still living in the "Waterfall World". They are usually verified as the last step of the development, introducing further delays or simply leaving the deployed software with more and more vulnerabilities. Learning the lessons from how the Development and Operations teams joined their forces together, mobilizing themselves under a common DevOps umbrella, security teams don't want to stay behind. They see it as a chance to get more involved at each step of the software development in the Agile fashion. Hence DevSecOps approach, closing the gap between the security teams and the rest of the engineering organization. In this talk, Kuba Sendor will show examples of how DevSecOps can lead to a faster feedback loop related to the security issues in the software you are developing. He explains how to transform your Agile Software Development practices to leverage this new DevSecOps approach and, thanks to that produce code with much less security vulnerabilities. Jakub "Kuba" Sendor - Delivery Manager (j-labs software specialists)

Kuba Sendor helps companies to develop securely in the ever-changing threat landscape. Currently he is a Delivery Manager at j-labs where he is also responsible for an awesome team of engineers delivering world-class software to the enterprise market. Previously he was managing Corporate Security team at Yelp in the company headquarters in San Francisco, where together with his team they were responsible for analyzing and responding to the malware and phishing threats in addition to any other unforeseen types of security incidents. Before that, he worked as a researcher in the Security and Trust group at SAP. Over there he participated in the initiatives related to the data access control and privacy policies, way before GDPR was a thing.