Tuesday 

Room 5 

12:40 - 13:40 

(UTC±00

Talk (60 min)

Measuring DevSecOps

DevSecOps has recently become an indispensable part of the DevOps world and continues on the road to maturity. Most commonly, DevSecOps is narrowed to implementing security automation tasks in the build and release pipeline. By leveraging automation, teams can apply security patches, provision shielded servers, scan code for security issues and deploy better-protected applications at a faster pace.

The benefits of taking a DevSecOps approach are easy to explain and readily visible to development and security teams. But how do you know that DevSecOps is working? At today's stage of DevSecOps, you need to measure your security to demonstrate success and drive further transformation. What marks a highly secure team? Which KPIs can tell you what's working and what's not, and lead you to the insight that will explain why? What do you measure, how do you measure it, and what do the numbers say in reality? This talk outlines the most relevant KPIs that will create the foundation of DevSecOps metrics. It is an exercise that will continue to evolve as the DevSecOps methodology becomes more established in teams of all types.

You will learn how to determine which security KPIs are essential to track for your team, how to track them, and how to visualize the metrics. The session goes from theory, introducing the metrics framework, to a technical demo.

Victoria Almazova

Security girl at Microsoft Norway with more than 13 years of experience in security. She spends all her time working closely with developers and architects to build security in from the design level. She is a big supporter of making security a culture and shifting security to the left. Viktorija believes that empowering developers and architects in security tasks by helping with education will increase the security level without additional workload.

In her free time, she dives deep into cloud security, development, and identity and access management.