A Simple Framework for DevSecOps Transformation
This talk is a simple step-by-step framework for a full DevSecOps cultural transformation. It explains how to build trust. It addresses the mindset shift concerns for all relevant audiences. It covers first steps and how to track progress. It's adaptable to any environment regardless of industry, technology, or maturity. Most importantly it's been proven in a highly diverse environment at Comcast.
Larry Maccherone is a Distinguished Engineer at Comcast where he currently leads the DevSecOps transformation initiative. Previously, Larry served as the Insights Product Line Director at Rally, where he published the largest ever study correlating development team practices with performance. Before that, Larry worked at Carnegie Mellon with the Software Engineering Institute (SEI) and CyLab conducting research on cybersecurity and software engineering. While there, he co-led the launch of the Build-Security-In initiative. He has also served as Principal Investigator for the NSA's Code Assessment Methodology Project, on the Advisory Board for IARPA's STONESOUP program, and as the Department of Energy's Los Alamos National Labs Fellow. He speaks and publishes regularly on DevSecOps, Lean/Agile, and analytics and he is the primary author of a dozen open source projects, one of which gets 500,000 downloads per month.