DevOps Security: Oxymoron or Truism?
In this second installment of the four-part webinar series on Secure Design, Brook Schoenfield will offer effective, proven DevOps security strategies.

A common myth of DevOps is that activities like architecture may be jettisoned in favor of automation. But, architecture requires human analysis; currently there is no automated substitute.

A key part of architecture and design will be security thinking. Security thinking will be based in threat modeling. An examination of the integration of security activities, and especially threat modeling, into the DevOps cycle is critical to implementing security in a DevOps loop.

There’s “SecDevOps,” “DevSecOps,” “DevOpsSec,” and just plain old security for DevOps. You might very well be confused. Software developers and security people haven’t been able to settle on a term, much less what it all means in practice. Many shops have developers who declare that security is too cumbersome for DevOps. At the same time, those charged with application security try for control of the DevOps chain. These positions are based in myths and misunderstandings; they lead to unnecessary friction.

Security practices benefit from a DevOps mindset, and the automation and code that result. But first, myths must be busted: there is no inherent antipathy between security and DevOps; even DevOps requires plans and structure; and security improves through iteration of bite-sized chunks.

Oct 2, 2019 01:00 PM in Eastern Time (US and Canada)

Brook Schoenfield
Director, Advisory Services @IOActive
Brook Schoenfield brings over three decades of experience to his role as Director, Advisory Services at IOActive, where he focuses on leveraging threat modeling and building robust software security programs for IOActive’s Global 1000 customers. Prior to IOActive, Schoenfield worked at McAfee LLC (formerly Intel Security Group and McAfee, Inc.) as the Principal Engineer leading product security architecture. In 2015, Schoenfield authored the book, “Securing Systems: Applied Security Architecture and Threat Models.” Schoenfield has been a featured speaker at many security conferences including RSA, BSIMM and the SANS What Works Summits, among others, presenting in his areas of expertise: Secure Development Lifecycle including Agile, SaaS security, information security risk, architecture risk assessment and threat models, identity management, and more.