Chapter 5: Security Vital Signs: Collecting Critical Analytics

This Session Available Now!


About This Series

The buzz around "DevSecOps" has persisted far longer than most tech trends, yet more than a decade since its introduction, many organizations still face significant hurdles in adopting it effectively. Engineering and security teams continue to struggle not only to reduce software risks but also to ease the persistent friction between development and security. And in many cases, these challenges have worsened. So why has progress been so difficult?

Welcome to the DevSecOps masterclass, where we will provide Application Security and Developer leaders & practitioners with the knowledge and tools to build and manage a successful DevSecOps program using the six pillars of Snyk's newly released DevSecOps Maturity Framework as our guide. Participants will learn how to build a strong foundation, work more seamlessly with both developers and security, and put an emphasis on Developer Security, the DevSec in DevSecOps.

Virtual Event Sessions

  1. Chapter 1: Is DevSecOps Dead? | Introduction to DevSecOps

    Now On Demand
    Partnered with:
    1. Snyk
    2. Accenture

    In this intro chapter, we'll kick off by exploring the fundamental principles of a successful DevSecOps program. You'll get an overview of Snyk's 6-pillar maturity framework, a comprehensive structure for understanding and implementing DevSecOps best practices. We'll examine key elements of a strong DevOps foundation, including aligned goals, shared responsibility, cross-functional collaboration, CI/CD automation, a blameless culture, and the importance of measuring and capturing key metrics.

    Join us to gain a foundational understanding of DevSecOps and lay the groundwork for building a secure and efficient software delivery pipeline.

    1. Brian Vermeer, Staff Developer Advocate, Snyk
    2. Aaron Tesch, DevSecOps Executive Leader, Accenture
  2. Chapter 2: People, Process, and Secure Code

    Now On Demand
    Partnered with:
    1. Snyk
    2. Deloitte

    A successful DevSecOps program requires a strong foundation built on strategy, culture, and secure design. This webinar will delve into the critical elements of these pillars, exploring how to create a shared vision, foster a security-conscious culture, and embed security into your development processes from the outset.

    We'll discuss the importance of a documented security strategy, defining ownership and accountability, and creating a learning culture. Additionally, we'll explore the concept of secure design, risk tolerance, asset inventory, and the benefits of simplifying technology stacks. Join us to learn how to establish a solid foundation for your DevSecOps journey and build a more secure and resilient organization.

    1. Vandana Verma Sehgal, Staff Developer Advocate, Snyk
    2. Ayla Hitchcock, Strategic Risk Senior Consultant in DevSecOps, Deloitte
  3. Chapter 3: Automating Security in Every Stage

    Now On Demand
    Partnered with:
    1. Snyk

    This chapter will dive into the critical role of testing and monitoring within your DevSecOps pipeline. We'll explore how to integrate security testing seamlessly into your development workflows, empowering your teams to identify and mitigate vulnerabilities early and efficiently.

    1. Scott Karabin, Customer Experience Director, Snyk
    2. Troy Havelock, Senior Solutions Engineering Specialist, Snyk
  4. Chapter 4: Don't Panic (And Other Incident Response Recs)

    Now On Demand
    Partnered with:
    1. Snyk
    2. ServiceNow

    Once vulnerabilities are identified, timely and effective response and remediation are crucial. This chapter will cover strategies for managing, prioritizing, and resolving security issues. We'll explore how to establish efficient incident response processes, leverage runbooks and playbooks, and prioritize vulnerabilities based on risk and impact. Discover techniques for automating remediation tasks, fostering a security-conscious culture, and the importance of regular software updates.

    1. Sonya Moisset, Staff Security Advocate, Snyk
    2. Aaron Bennett, Sr. Manager, Corporate Development Partnerships, ServiceNow
  5. Partnered with:
    1. Veeam
    2. Everpure
    3. Rubrik
    4. HPE
    5. Recovery Point
    6. HPE Zerto Software
    7. Zscaler
    8. Cohesity

    Protecting organizational data requires a comprehensive approach that integrates robust security measures, effective employee training, reliable backup strategies, and more.

    This MegaCast will explore how to create a holistic data protection framework to safeguard critical assets from internal and external threats. As an attendee, you will learn about the latest tools and techniques for securing sensitive information, strategies for educating employees to recognize and prevent cyber risks, and best practices for ensuring business continuity through effective backup and recovery plans.

    The discussion will also cover emerging challenges and how to prepare for future threats. Join us to discover how to build a resilient and secure data environment that supports business goals.

    Why You Should Join:
    • Gain insights into building a comprehensive data protection strategy
    • Discover tools and techniques for securing sensitive information
    • Explore effective backup and recovery solutions to ensure continuity
    1. Rick Vanover, Vice President, Product Strategy, Veeam
    2. Jason Walker, Technical Strategy Director, Cyber Resilience, Everpure
    3. Justin Ruiz, Director, Data Protection, Rubrik
    4. Marc Kravitz, Solution Business Manager, North America Data Services & Storage, HPE
    5. Jeff Judy, Chief Cloud Architect, Recovery Point
    6. Bryan Fisher, Cloud Architect, HPE Zerto Software
    7. Steve Grossenbacher, Senior Director, Product Marketing, Zscaler
    8. Chris Hoff, Senior Product Marketing Manager, Cohesity
    9. Brad Vincent, Senior Product Marketing Manager, Cohesity
  6. Chapter 5: Security Vital Signs: Collecting Critical Analytics

    Watch Now!
    Partnered with:
    1. Snyk

    This chapter will discuss how to collect, analyze, and interpret key security metrics, define and track meaningful KPIs and SLOs, and leverage data to inform your security strategy. Additionally, we'll explore the importance of sharing and communicating metrics to foster transparency, build trust, and reinforce a security-conscious culture. Join us to learn how to determine the health of your security program to optimize your DevSecOps practices and achieve your security goals.

    1. Clinton Herget, Field CTO, Snyk
  7. Partnered with:
    1. Frontegg

    Customer identity isn't your core competency, but it sure is taking up your developers' time. As you grow, you find yourself pouring more resources into grooming a homegrown CIAM solution that you built when you were just starting out and had simple needs. Now that you've grown, you find yourself juggling multiple customers, all with their own set of requirements. You want to focus on innovation, but instead get bogged down fielding CIAM requests. And you can't quite shake the feeling that despite your best efforts to maintain your own auth, somewhere along the way, stuff is going to break and security will be compromised.

    In this webinar, we'll show the real costs of sticking with your homegrown system, why it's so hard to make your homegrown system enterprise-grade, and how out-of-the-box CIAM solutions can help you scale.

    • The costs of maintaining custom tech solutions over time
    • Top signs you've outgrown your homegrown auth solution
    • The ROI of buying a CIAM solution
    1. Dignified Sorinolu-Bimpe, Solutions Engineer, Frontegg
  1. Accenture
  2. Cohesity
  3. Deloitte
  4. Everpure
  5. Frontegg
  6. HPE
  7. HPE Zerto Software
  8. Recovery Point
  9. Rubrik
  10. ServiceNow
  11. Snyk
  12. Veeam
  13. Zscaler