Lucas Kauffman, EY
My talk aims to provide insight into what DevSecOps is and why, after moving to Agile/DevOps this is the next natural progression. One of the biggest issues I realized when implementing DevSecOps is with regard to scalability and culture change. I want to highlight some practical issues that are present in large organizations which hamper moving to DevOps or DevSecOps and how to tackle them. It will look at People, Processes and Technology and what the practical approaches are to tackle these issues. The talk will present the viewpoints from both development, business and security, how they differ from each other and how to overcome them (what do you provide to each stakeholder to make them buy-in). It will provide a list of lessons learned, common pitfalls and how security can become an enabler for an organization to move faster. This talk is not focusing on tools, rather looking more into the people and process aspect.