When presenting the rationale for a new cultural practice such as DevSecOps, the first question from leadership tends to be along the lines of “where are the savings coming from?” With that in mind, there are four pillars of DevSecOps where we can emphasize efficiency as it aligns with a return on investment: strategy, people, process, and technology.
Strategy. When proposing a strategic shift, it’s critical to identify when that shift takes place. The answer? Move left in the SDLC. Focus efforts on reducing the remediation spend by remediating defects earlier in the development process. This leads to significant short-term development budget savings.
People. When proposing a cultural shift, it’s critical to identify who this will impact. Security Champions facilitating security testing play a major role when it comes to integrating DevSecOps methods into existing development team practices. Long-term security budget savings can be seen through security testing and security communication overhead.
Process. When proposing a shift in the team’s focus, it’s critical to identify what will be impacted. It’s key to limit security testing scope when optimizing processes for DevSecOps integration. In doing so, instant savings can be seen in the security budget.
Technology. When proposing a technology shift, it’s critical to identify how the technology will impact operations. The answer? When implementing DevSecOps you’ll find and fix defects more often, reduce defect management overhead, and minimize your technical debt. This leads to long-term development budget savings.
To gather a comprehensive understanding of how these pillars correspond, Meera Rao guides you through a real-world scenario illustrating how to create a well-oiled DevSecOps machine.
Presented by
Meera Rao,
Senior Director Product Management
Ms. Meera Rao is a Senior Director Product Management focusing on DevOps solutions at Synopsys, Inc. Ms. Meera has over 20 years of experience in software development organizations in a variety of roles including Architect, Lead Developer, and Project Manager, and Security Architect.
Ms. Meera has been working as a trusted adviser to Fortune 500 companies helping them achieve realistic goals for practical CI/CD & DevSecOps. She advises organizations in defining, implementing, maturing, scaling and measuring DevSecOps.
She is very passionate about getting more women working in the technology industry and participates, presents and speaks at several conferences, spreading her knowledge of security and the importance of women in the technology workforce. Meera was awarded the SecDevOps Trailblazer award from SecuritySerious in London in 2018.