DevSecOps

Disclaimer: The following posts are the result of my experiences building a DevSecOps organization from the ground-up at the world’s largest Laboratory Sciences manufacturing company. Your mileage may vary.

DevSecOps Essentials

• DevSecOps Essentials: An Overview
• DevSecOps Essentials: Software Asset Management
• DevSecOps Essentials: Code Security
• DevSecOps Essentials: Mitigations
• DevSecOps Essentials: Dyanmic Testing
• DevSecOps Essentials: Manual Testing
• DevSecOps Essentials: Talent

Static Analysis

• The 3 types of Static Analysis
• Static Code Analysis: Accuracy, Speed, or Completeness
• Binary Static Analysis: Accuracy, Speed, or Completeness
• Comprehensive Static Analysis: Accuracy, Speed, or Completeness
• Static Analysis: Local vs. Remote Sources
• Scanning in the IDE: A Bad IDE(A) for Developers

Security Maturity

• Security Maturity: Teams & Their Technologies
• Security Maturity: Immature Teams
• Security Maturity: Immature Technologies
• Security Maturity: Adolescent Teams
• Security Maturity: Adolescent Technologies
• Security Maturity: Mature Teams
• Security Maturity: Mature Technologies
• Security Maturity: Geriatric Teams
• Security Maturity: Geriatric Technologies

Philosophical Thoughts

• Security is a Feature
• With Technology, there’s no such thing as “Magic”
• You can’t do “DevSecOps” without doing “DevOps”
• 10x Your AppSec Program with this One Simple Trick