Published Sep 3, 2019

SE-Radio Episode 288: DevSecOps

Explore the transformative power of DevSecOps as Kim Carter and Francois Raynaud delve into integrating security from the outset of application development, highlighting cultural changes, cost benefits, and the pivotal role of security champions in enhancing collaboration and making applications inherently secure.
Episode Highlights

  • DevSecOps Shift

    The transition to DevSecOps requires a fundamental shift in how organizations approach security in software development. explains that traditional delivery methods often overlook security until the final stages, leading to vulnerabilities and project delays 1. By integrating security from the project's inception, teams can avoid costly breaches and ensure a more secure product 2. This approach involves breaking down silos between development, security, and operations teams to foster better communication and collaboration 3.

    We want to say yes, you can do things, but we can do them securely.

    ---

    The initial costs of adopting DevSecOps may seem high, but the long-term benefits, such as reduced attack surfaces and fewer redundant processes, outweigh these expenses 2.

       

  • Security Champions

    Security champions play a crucial role in embedding security within development teams. highlights the importance of continuous training to maintain the effectiveness of these champions 4. By equipping developers with security skills, organizations can create a culture where security is a shared responsibility 5. This approach not only enhances the team's ability to identify and mitigate risks but also makes developers more marketable.

    A developer that got security tools, security skills, that's going to be great for the market.

    ---

    However, maintaining this culture requires ongoing effort and adaptation to new security challenges 4.

       

  • Training & Collaboration

    Training and collaboration are essential for integrating security into the development process. stresses the need for cross-functional teams to work together, breaking down traditional silos that separate development and security 6. By incorporating security into every sprint, teams can address vulnerabilities early and streamline the development process 7.

    Embrace the change, as we always say, it's one of my company. The motto changes energizes us.

    ---

    Initiatives like DevSecOps training programs and collaborative events further support this integration, fostering a culture of continuous improvement and innovation 8.
