CISO Executive Network Roundtable: DevSecOps and Application Security

Robinson Bradshaw hosted the December breakfast roundtable for the CISO Executive Network Charlotte group. The meeting's theme was "DevSecOps and Application Security." Robinson Bradshaw attorney Allen O'Rourke provided a brief legal update.

Many CISOs admit that they have little understanding of or control over applications. Therefore, application security is often overlooked or minimized. With DevOps being the new standard for most companies, the speed at which applications, websites and systems are developed and updated is overwhelming the limited resources in information security. Typically, development teams have 10 to 20 people working on new services for every one information security person. In this series, the group looked at ways to embed security into the DevOps and application development processes.

Topics discussed in this series included:

• Defining DevSecOps
• Injecting security to the DevOps cycle
• Finding DevSecOps resources
• Role of information security in application development
• Tools and technologies that help with Application Security/DevSecOps
• Companies' dependence on software in the digital economy
• Speed at which code is being pushed to production 
• Securing cloud-based development processes
• Role of digital transformation influencing DevOps
• Multi-cloud orchestration
• Containerization security
• Security/Privacy by design
• Securing COTs products