Over the past several years our team at Sonatype has organized and hosted more than 30 DevSecOps Leadership Forums (DLF) around the world.
When we held our very first DLF event, the goal was simple: gather technology innovators from regional business communities to share experiences and learn from one another as they work to embrace DevSecOps patterns and practices to help digitally transform their organizations.
This year, under COVID-19 circumstances, we’re hosting the DLF in a virtual and online format. However, the goal is exactly the same!
Join us on May 7th from 1-4pm ET or 10-1pm PT to learn from, and exchange ideas with, leading DevSecOps experts who are working to align software, security, and operations resources so their organizations can innovate faster with less risk. Here’s a sneak peek at the topics that will be discussed this Thursday.
1:15 PM -- My AppSec Journey at Bloomberg: “Baking In” vs. “Bolting On”
Bryan Batty, Director of Product and Infrastructure Security, Bloomberg
In today’s world where every software developer is borrowing and using large amounts of code from third-party open-source projects, it’s not enough to “bolt security on” at the end of the software development lifecycle. Organizations need to shift left and implement controls that are capable of “baking security” and “open source hygiene” into the software development lifecycle early and everywhere. This is a reflection of lessons learned during Bryan’s DevSecOps journey at Bloomberg.
1:40 PM -- DevSecOps for Financial Services: Making Right Easy in Regulated Markets
- Howard Zeemer, Staff Engineer, OTA Team Lead at LendingTree
- Rob Keyes, VP, DevOps, Nomura
- Sladjana Jovanovic, VP, Enterprise Payments and Technology, TD Bank
How do banks and financial service firms compete and win in today’s world? Is success measured by their ability to manage dollars and cents and deliver financial returns? Or is success based on their ability to engineer bits and bytes and deliver compelling software innovation? Maybe the better question is this: what’s the difference? Join this session to hear from engineering leaders on the front lines of DevSecOps within leading financial services institutions. Hear how they are working to align software developers, security professionals, and IT operations on the same team so their organization can continuously identify and remediate software risk, without slowing down innovation.
2:05 PM -- Stretch Break
2:20 PM -- DevSecOps Journey: Why Dev and Sec Don’t Work Without OPS!
Joe Friedrichsen, Managing Director Infrastructure and Operations, BCBS RI
Oreo cookies and ice cold milk. It’s a classic combination. So too is the critical role of IT operations to empower synergy between software development and application security. Join this session to hear how Joe Friedrichsen and his team at BCBS-RI are bringing their operations A-game to improve experiences and job satisfaction for everyone up and down the SDLC and help drive digital transformation in healthcare payments.
2:45 PM -- The Stockdale Paradox, Mountain Climbing, and DevSecOps
- Garrison Hu, Head of AppSec, T-Mobile
- James Dean, Manager of Deliver Automation Services, BCBS TN
- Rob Aragao, Chief Security Strategist, MicroFocus
The Stockdale Paradox is a concept that was popularized by Jim Collins in his book Good to Great. It was named after James Stockdale, former vice presidential candidate, naval officer, and Vietnam prisoner of war for eight long years. In simplest terms, the paradox states that when faced with a difficult challenge, it is wise to balance realism (brutal honesty about circumstances) with optimism (unwavering belief that success is inevitable).
Now, imagine DevSecOps is a mountain. How difficult is the climb? How realistic should you be about the challenges? How optimistic should you be about the outcome? Join this panel to explore ways in which the Stockdale Paradox and mountain climbing metaphors might (or might not) apply to DevSecOps and the task of integrating security and governance controls into modern developer workflows and digital supply chains.
3:10 PM -- Sleeping Securely During COVID-19 Induced Coma
Mike Wilkes, ASCAP
There is literally no precedent for the business challenges presented by COVID-19. In the name of public health, economies and corporations across the world have chosen to shelter in place. It’s the equivalent of a medically induced coma. But even in a coma, the body’s critical functions still work. That is also true for corporations during COVID-19. Critical business functions continue to operate, albeit in a distributed and virtual manner. How should corporations and modern IT departments think about securing their enterprise during a medically induced coma? What challenges are presented by a work at home posture? Do we release software any differently than we did before? Can we take advantage of this time to strengthen competencies? Can we do more with less?
We hope you’ll join us and fellow senior technology leaders across the U.S. and Canada on May 7th as we come together to collaborate and improve upon our DevSecOps journeys.