News and Notes from the Makers of Nexus | Sonatype Blog

A DevSecOps Maturity Model in 7 Words

Written by Derek Weeks | November 04, 2018

A few weeks ago, I delivered a lightning talk (5 minutes, 20 slides, auto-advancing every 15 seconds) at DevOps Enterprise Summit.  

The talk was inspired by a conversation I had with Navin Vembar about a DevSecOps Maturity Model his organization developed at the U.S. Government Services Administration (GSA).  While several DevSecOps maturity models exist, Navin's started with seven important words that made all of the difference.

Take 5 minutes to watch this lightning talk now to learn how and why he used the words, "Not considered viable for a DevSecOps platform":

 

 

At the end of this presentation, I offered the audience a number of links that were tied to my out-of-office address there. Because my out-of-office message is no longer on, I have copied all of the links you will need here:

Navin Vembar’s DevSecOps Maturity Model from the U.S. General Services Administration

Here are four additional DevSecOps maturity models:

Also, for the latest in DevSecOps blogs and event updates, I invite you to visit:

DevSecOpsDays.com

I hope Navin's insights and seven key words can help you on your DevSecOps journey.