Throughout a series of recent conversations that I've had with CISOs, a common question has emerged: "How do I get a seat at the DevOps table?"
It's an understandable challenge that many security leaders are grappling with today. Too often, security teams are unaware of what's in their organization's application pipeline until after it's pushed to production. Only then can they assess any potential risk introduced to the business, while simultaneously scrambling to take appropriate action.
To be in the room where it happens, to get that coveted invitation to the DevOps table — and keep your seat for the long run — you must contribute real value. It's not enough to simply be there. It requires a balanced give-and-take.
Adding value happens in different ways. Regarding business, security teams provide essential risk management and mitigation services to organizations, but from the DevOps perspective, more is needed. Security teams need to design programs and introduce solutions that can keep pace with the DevOps workflow. In a word, security needs to bring speed. Here are four ways to make that happen.
1. Forge RelationshipsSure, you can sit in on a few development conversations. It's a great way to initiate efforts around effectively securing applications and infrastructure. You'll learn a lot and maybe even share a few best practices on secure coding. But cultivating collaborative, mutually beneficial relationships requires much more. You have to make the time and effort to get to know your development counterparts. Get smart on DevOps fundamentals, read what they're reading, participate in regular demos, and understand what keeps them up at night, what excites them most about their work. These personal relationships and bits of i ..
Support the originator by clicking the read the rest link below.
