Posted by Steve Cohen on September 5, 2018
Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. They’ve automated manual processes and built tools into continuous integration and continuous delivery (CI/CD) pipelines. In doing so, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues together.
Extending DevOps to DevSecOps requires key cultural and practical changes to integrate security into all stages of the software development life cycle (SDLC). However, development managers often see security as a training burden or blocking issue. Organizations have to remove these perceived liabilities to achieve their risk mitigation goals. One way is to position security experts within development teams—champions who convey security priorities to colleagues.
If you’re facing the challenge of transforming DevOps to DevSecOps, consider investing in a Security Champions program. When you promote Security Champions, you fundamentally form a network through which security information can flow consistently. Security Champions take on the role of “local” experts who can answer questions, recommend training, and interface with security experts to find answers to deeper questions.
How can investing in a Security Champions program benefit your organization? Here’s what Security Champions can do for you:
While there’s no simple or single way to transform DevOps into DevSecOps, employing Security Champions—if done effectively—can serve as a powerful transformational approach. Security Champions can ensure that security measures are embedded in every step of the software development process, improving time to market and helping your organization deliver higher-quality, secure code.
Join us on Sept. 13 at 12 p.m. EDT for our webinar Using Security Champions to Build a DevSecOps Culture Within Your Organization. Brendan Sheairs, managing consultant at Synopsys, will discuss the foundations of a successful Security Champions program and how to address the challenges you’ll face implementing such a program.