DevSecOps Meetup — Burning Issues

Barry Tucker
Published in Mintel Tech Blog
Feb 14, 2019

Back on the 21st of November 2018, Mintel was happy to host the November meeting of the DevSecOps — London Gathering meetup group in the Theatre at Mintel House London with approximately 70 people in attendance.

The group is organised by Michael Man as a forum for people to share their real-life experiences of introducing and working with security in the delivery of their projects.

This session was quite different from the usual meetup format, where a few people stand up in front of the audience and present on a topic. Instead, it used a “town hall” style discussion format with a panel of people from different backgrounds and roles (ranging from sales to developers).

The obligatory beer and pizza were sponsored by Abby Stratton @ BugCrowd and Robin Stafford @ Contrast Security, with the surprise addition of some gorgeous chocolate brownies (thanks Abby).

After everyone was sated and settled, the evening started off with a lightning talk (10 minutes) by Teresa Clark on her experiences of using PowerShell in the process of decommissioning servers.

Teresa Clark’s talk on PowerShell

This was followed by Michael running a “speed networking” session, where he went around the room and asked everyone to introduce themselves, which gave some good insight into the types of people attending the event…and served to lighten the atmosphere a bit.

After a brief pause, we moved onto the main event of the panel discussion.

Participants in the panel, left to right: Nick Coombs, Simon Maple, Anastasia Semenova, Glenn Wilson, Matt Joyce, Ryan Sheldrake, Kate Whalen

The topics were:
1) Should Software Architects be able to develop code?
2) What type of security testing approach should be initially adopted by small and large organisations?
3) What security considerations/requirements should be taken for different solution architectures?
4) Ops in DevOps or DevSecOps means Operations, but this generally implies service operations. What about Operations Security? Should we, and how do we, incorporate the traditional Security Operations Centre (SOC) function into DevOps/DevSecOps?
5) Where there are multiple releases a day, what security testing should be considered and adopted?

The discussion became quite rambling and tangential at times but was certainly interesting and well worth a watch. Generally, the discussion was around DevOps, continuous deployment, and how to balance that with security scanning/policy etc.

The conversation carried on well past the formal end of the panel discussion, and only ended when I had to kick everyone out so I could get a train home :)

Michael and I are already making plans to host another session for this group on 27th February 2019 for another round of panel discussion.

Barry Tucker, Deputy Infrastructure Team Lead for Mintel Group Ltd