SATURN 2018 has ended
Tuesday, May 8 • 10:30am - 11:15am
A Lesson Learned from DevOps Transformation at Air-Gapped Environments

DevOps has become a standard option for entities seeking to streamline their secure development lifecycle (SDLC) and increase participation in it by all stakeholders. In most cases in industry, academia, and government, applying DevOps is a straightforward process. In all three sectors, however, there is a subset of entities where applying Secure DevOps is challenging: highly regulated entities (HREs), which are bound by policies mandated for various reasons (most often general security and the protection of intellectual property). This presentation describes what was learned applying DevOps in these environments.

The SDLC of a highly regulated entity can still benefit from implementing DevOps as long as doing so does not break any policy. An HRE is typically characterized by the following: air-gapped computer systems, isolated working groups, strong physical security, segregation of duties, an inability to speak openly on certain topics, strong scrutiny on entry to certain areas, an inability to take certain artifacts off the premises, and required integration of a risk management framework into the application development process. In general, these environments promote isolation and gaps between persons and projects, in direct contrast to DevOps, where the main goal is to establish open communication between all members and stakeholders of a project, including SOC staff.

David Shepard

Software Engineering Institute
David has made a career working in many different areas of the information technology field. He has spent time building networks, administering servers, designing software, writing and debugging software, working on process improvement initiatives, auditing application security, implementing...

Hasan Yasar

Software Engineering Institute
Hasan Yasar is the technical manager of the Secure Lifecycle Solutions group in the CERT Division of the Carnegie Mellon University Software Engineering Institute. Hasan leads an engineering group on software development processes and methodologies (specifically on DevOps and development...

Tuesday May 8, 2018 10:30am - 11:15am CDT
Prairie C Hilton Dallas/Plano Granite Park