5 essential steps to shift security left (Episode I)

Autonomous security from day one

DevOps as a concept has been thoroughly examined, interpreted, and dissected in a multitude of ways over the last decade, since Andrew Shafer and Patrick Debois first discussed the idea at the 2008 Agile conference in Toronto and Debois coined the term itself the following year. However, let’s take a step back and review what DevOps is, in order to better understand how DevSecOps fits in.

DevOps is a cultural and organizational way of unifying development and IT operations work. This practice seeks to empower software development teams to more consistently meet or surpass their objectives for on-time delivery of high-quality software that meets the needs of the business. But where does security fit in, and why is it important to the development process? And, maybe the most frequent question: where do I start?

Similar to operations, security’s aim of minimizing enterprise risk occasionally conflicts with development’s need for constant change. What if I told you there is a middle ground that enables development teams to deliver code that is more secure, at the speed of DevOps? But…there is a slight catch. This middle ground requires that security adopt the same 5 essential steps that have proven successful for DevOps.

In this 5-week series, you will be taken on a step-by-step journey through how to shift security left within your organization. We kick things off with Step 1: Autonomous Security from Day One.

One of the main principles of creating a culture of security is to make it something that everyone within your organization is responsible for. In the accompanying video, Chris Wysopal, CTO and co-founder at Veracode, provides some guidance on how this is done, why we have to automate security, and more.

About the author

Chris Wysopal is Chief Technology Officer at CA Veracode and he oversees technology strategy and information security. Chris has testified to the U.S. Congress on government security and how vulnerabilities are discovered in software, and he is the author of “The Art of Software Security Testing”.