Alan Shimel, Founder and CEO of MediaOps, welcomes you to the DevOps Connect DevSecOps Days 2020

Bryson Koehler, Equifax CTO and Jamil Farshchi discusses the road ahead in data security and how Equifax is changing the way they fortify the systems that failed last year and keep pushing to stay ahead of the technology curve.

Join Ross Clanton as he shares the lessons learned while leading multiple technology transformation and innovation initiatives across Verizon and Target. His passion for DevOps stems not only from the fact that it improves business outcomes, but that it can also improve engagement and overall happiness of people working in technology.

This panel discusses transformational leadership, including challenges that need to be overcome and techniques for leading DevSecOps transformation. You will hear how all of the panelists have approached this topic in each of their respective companies.

Jasmine James, DevOps CoE, Delta Airlines, shares her best practices on how she administers, documents and supports the development tools to enable the faster delivery of quality software.

The goal of a DevSecOps initiative is to get development teams to make certain mindset shifts and adopt security practices, which simply cannot be done without healthy collaboration and mutual trust. There's the rub. There is typically a lack of trust between the security group and dev teams.

This talk introduces an "algorithm" you can use it to build this trust.

Many of the Dev*Ops talks revolve around tools and culture. There are some good, fascinating talks all shouting: “All for the great (business) good!” Yet, they rarely address topics at the interpersonal, relationship level. Pipelines and automation increases our confidence in the process, but does it increase our trust in people? Are we really asking the right questions when we adopt a new tool or do yet another company transformation?
• We start the talk by looking into different models of trust (the currency of trust, faith vs trust, trust vs beliefs...)
• Translate them to day-to-day activities in organisations (reviewing a pull request, security audits, the backlog graveyard, full stack development...)
• How trends like DevOps and DevSecOps relate to trust and confidence (autonomous teams, you build it you run it, hiring for remote...)
• As an extra bonus we will hold a mirror to ourselves while exploring how we trust tools (how we pick an OSS library, select a SaaS solution, the Ikea Effect, chaos engineering...)
• Finally we validate how we can make ourselves more trustworthy (borrowing from Promise Theory)
I have no psychology degree, but given my grey hair and lots of stories from the trenches, I hope you can trust me enough to give you an entertaining and thoughtful talk.

For mature companies, like North American financial institutions, a stable app that is functional 24/7/365 has become the KillerApp, because this is how we measure Trust that our customers have in us in the digital world. This means that we have to make Resiliency a top priority.

The good news is that, nowadays, everyone is bought into resiliency and is willing to invest in it. We in TD Bank have been busy implementing our resiliency framework. Specifically, we have been focusing on changing how much risk we are taking with each release by adopting Agile and making smaller, more frequent releases. To do that, we needed to shift-left automation and work closely with our risk and control partners to establish trust and acceptance. We also had to implement many strategies to mitigate risk in production.

Of course, the hardest part has been changing the mindset. We have worked on improving collaboration between our teams – business, development, security, etc. As a result, we have successfully broken many silos and instead created communities that collaborate and are aligned to the needs of our customers. This has made our people more resilient and has been essential to making our platforms more resilient.

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Data Protection, Internet of Things, Coordinated Vulnerability Disclosure (CVD) and more are among the most active and developing areas of security regulation around the world. This evolving landscape also serves as an opportunity for innovation, collaboration and harmonization. This talk introduces the audience to the variety and influx of legal and regulatory concepts and proposals shaping the future of security focusing on recent trends. Highlights will include coordinated vulnerability disclosure, researchers’ collaboration, IoT Security, anti-hacking laws, standards efforts and more. We will also talk about bug bounties and vulnerability disclosure, what are some of the industry's best practices in this area, and how to implement these programs at your organization to foster security, collaboration and transparency.

As organizations seek the business benefits of DevSecOps, both “sides” – DevOps and Security – have a role to play in bridging the divide. StackRox VP Michelle McLean and Alan Shimel discuss the challenges, why it’s hard to change, and what teams can do differently. Learn about:

- DevOps’ need to think of security as more than vulnerability scanning
- The importance of DevOps embracing input from Security
- The very real challenge of “shadow Kubernetes” that Security must address
- How Security teams can define realistic priorities for securing cloud-native tech

Tune into this session to learn what steps you can take to enable DevSecOps in your organization.

I'll discuss the 'journey to the cloud' and the challenges and considerations from a network and cloud security perspective.

Many companies make “disruption” their goal. They believe if they just develop the right innovation, they will disrupt their markets forever and drive the kind of growth worthy of a magazine cover story. But that’s not how disruption works. Disruption doesn’t create growth; growth creates disruption. While growth is always hard, disruptive growth is exponentially harder. It requires companies to make tough decisions in the face of daunting uncertainties. Disruption demands bold leadership and, often, massive cultural transformation. This session consists of two parts: A keynote presentation by bestselling author Charlene Li followed by a panel discussing the ideas and how they are applied in organizations Takeaway value are practical ways that you can lead a disruption and create exponential change in your organization.

In this session you will learn how to leverage JFrog Xray to achieve radical transparency of the binary components in your data center. Understand the impact of these components on production system quality, performance, and architectural changes. We will also cover security topics such as circle of trust, security between locations, security replication, access tokens, and auditing.

Disruption and DevSecOps seem to go together like a well paired wine and cheese, both are needed in our industry, both are at a point where they’ve spend long enough in the cellar and need to come into the light. As an industry we’re not rowing in the same direction and the collaborative efforts being exerted by the DevSecOps moment is making headway by challenging the silos that have built up. The panel is stacked with a crew of individuals whom are well known in the industry for not shying away from issues, and are advocates for tackling communication, collaboration and cooperation challenges head on. We’ll have a good conversation around the why’s and wherefores of integrating DevSecOps and how it needs to be the cornerstone of a collaborative future within the enterprise.

We learn as much, if not more, from hearing stories of failure as we do from success stories. In this session, the authors of Epic Failures in DevSecOps talk about the genesis of their failure stories, and the experience they gained from working through a major fiasco. Panelists included Sladjana Javonovic and Bill McArthur from TD Bank, Chris Riley from Splunk, Jasmine James from Delta Airlines and Ryan Lockard from Contino.