How many of you are involved with controls for DevSecOps practices or for securing DevOps or Agile?
I am currently tasked with developing controls or standards for our DevOps practices. We are involved in writing these controls to ensure internal standards are met even in the fast-paced world of Agile or DevOps development and continued in operations.
I realize this is a practice that is unique to the company supported, but wondered how widely this is occurring elsewhere. I would also be interested in learning what the size of the company is to understand where the majority of efforts like this are occurring.
DevOps isn't new, but as a practice is fairly new to our company. I work for a rather large enterprise, with 2000 development teams in the mix under our main CIO. I would be interested in what others are doing, and possibly seeing if there is an interest in a discussion group.
I'm a member of a Site Reliability Engineers team; our main focus is to keep a private cloud platform reliable and secure, through automation of security tests and hardening in the provisioning of platform resources. For 2018 we're initiating a project with the main goal to formalize a security development life-cycle and adopt agile practices in security and risk management. As an example, we want to use solid techniques in the DevOps world, like ChatOps, in incident handling. DevSecOps.org has been our main source for DevSecOps (best) practices.