How to establish a DevSecOps organization

DevSecOps integrates automated security checks and hardening into every stage of the software development and deployment process. Practitioners aim to get risk-checked applications fully developed and into production at the speed the business needs, while making continuous incremental improvements. By Chris Buijs.

Enterprises are now taking notice, though few have made the leap yet. Most companies are still mulling the question: “How do we get from where we are today to where we want to be?”

Here are some recommendations for getting started:

  • Be intentional about culture
  • Start small, and focus on process and upskilling
  • Bring on new talent to pave the way
  • Combine best-of-breed tools
  • Consider outsourcing
  • Don’t try to reinvent the wheel

Major shifts often come with hiccups. For starters, companies may find converting an existing organization too challenging, expensive, and/or time-consuming, which can hold back DevSecOps and digital transformation or development projects in general. Nice one!

