Latest Read: The DevSecOps Playbook

The DevSecOps Playbook: Deliver Continuous Security at Speed by Sean D. Mack.

Sean holds a BS in Computer and Information Sciences from UC Santa Cruz and an MBA from Seattle University. He is CIO and CISO at Wiley, VP of Operations and Applications at Pearson, Director of Global Product Development and Delivery at Experian, and Senior Director of Technical Operations at RealNetworks.

Development, Security, and Operations (DevSecOps) is a framework that integrates security into all phases of the software development lifecycle. Today more than ever before, DevSecOps must deliver continuous security at the speed of business. DevSecOps can only succeed when the organization supports the triad of people, process, and technology to deliver strong cybersecurity infrastructure and practices.

To simplify, DevSecOps emphasizes incorporating security measures from the beginning of the development process, rather than treating them as an afterthought or a post-deployment requirement. This approach identifies and mitigates potential security risks early on.

Sean outlines why it’s critical to shift security considerations to the front-end of the development cycle, how to do this, and how the evolution of a standard security model since the pandemic has impacted modern cybersecurity.

Collaboration is key

Perhaps the key lesson is how much collaboration, culture, and a shared responsibility model are needed for successful implementations. For IT teams regardless of market, DevSecOps impacts IT service management, security incident management, change management, and continuous delivery. Not surprisingly, there is also a need to deploy logging and monitoring tools for detecting security threats. Consider the impact of John Doerr’s Measure What Matters to further understand how units need to collaborate on the right datasets:

Review September 2020

Governance and Compliance

Sean addresses the challenges of compliance and risk management in a DevSecOps context, introducing concepts like compliance as code. He provides guidance on driving DevSecOps transformation within enterprise environments.

In conclusion, Sean provides a solid introduction to DevSecOps principles, including its history, core concepts, and business benefits. Most importantly, Sean reveals the evolution of cybersecurity. In 2024 this requires organizations to have fully pivoted from perimeter-based security to a zero trust model to address the modern threat landscape.


Scaling Tech Podcast | The DevSecOps Playbook