Have you ever heard of: ‘one apple a day keeps the doctor away’? Fact that makes each one of us responsible for doing a small action that should improve our life.

If we took this to the DevOps world, the proverb would be brought by DevSecOps. It adds security to the process and shifts security from reactive to proactive. Makes each team member responsible for the security of the development, the platform and the deployment, in short, of the entire product.

To eat an apple would be way too easy, and that’s not what we are here for, not to be conformist, though we are adaptable we are ready to take action based on these next terms:

* Teams: everyone is responsible, we must break down the barriers between us, no more traditional silos of expertise, build and deploy with security is everyone's concern.

* Process: teamwork is encouraged, never hearing again: “that’s not my problem”

* Technology: we need to fight against technical security debt because that’s the ballot paper we be in the news.

To sum it all up, security sets the requirements and DevOps manages the frequency of scan occurrences according to the development practices. Will see how to assess the level of maturity of our organization, what metrics should we review and which are the warning signs before is too late for an ‘apple a day’ or our company makes the front page.

Comments

Comments are closed.

Rated 1

Andreu B at 09:31 on 6 Jun 2019

both content and presentation skills were really baad

Rated 4

Vincent R. at 10:26 on 6 Jun 2019

Fresh air for the DevOps paradigm. Good presentation.

Rated 5

devopsFan at 10:43 on 6 Jun 2019

great talk¡¡¡

Rated 1

Peter Stefan at 11:15 on 6 Jun 2019

Slides were fine but speaker not same level

Rated 2

Santi Muñoz at 11:48 on 6 Jun 2019

Too many videos and very generic content in the slides, I expected a more technical stuff.

Rated 1

Mauro Rocha at 12:36 on 6 Jun 2019

Too many videos and generic slide content.
Presenter just read notes.

Organizers should work to avoid speakers who just read aloud written material. Material which was supported by slides containing typos, silly sentences like 'a closed issue is one which has been closed, an open issue is one which was opened', or even inconsistencies like 'This is important--> go from DevSecOps to SecDevOps', which is the opposite the speaker had been explaining minutes before. Where was the language corrector?

The material looked thought for another kind of audience, for example the MrRobot clip seemed to advice against simple developers out there, who incidentally happened to be the audience.

The talk makes you think about the topic.

Rated 2

Rubén Vazquez at 16:06 on 6 Jun 2019

T'he talk had potential but It was so generic

Rated 1

Buitaker at 18:58 on 6 Jun 2019

Shell ideas and solutions, not how important is

Rated 4

Miguel A. at 19:30 on 6 Jun 2019

Good presentation but she need bit more stagging. I think the english accent isn't important for broadcast the message.

Rated 1

Jaume at 12:47 on 7 Jun 2019

The content wasn't suitable at all with the audience. Too generic too.

Speaker completely lost in communication skills, reading all the time from the papers she brought with, and even like that was unable to pronounce correctly any sentence. Content might have been useful but she lost us in the second 1 with the first video. This kind of info I can read on the internet, we need something more technical or probable, otherwise the audience grabs the laptops and cellphones or simply runs away.

Rated 4

JesusBartolome at 14:42 on 7 Jun 2019

The talk was not technical and it didn't pretend to be, it was a talk to start the day and talk about security in a simple and easy way and making people think a bit. It was exactly what explains in the summary.
She should improve English, but it was easy to understand

The talk was exactly what it said it was going to be and this is why we decided to choose it.

Most companies are vulnerable at absolutely all levels and we have never seen an environment where all the team was aware of it, knew the consequences or even had many ideas on how to protect the systems they were building. Probably better not run a basic scan to your systems and publish it here, right?

Having said that, feedback is welcome when it is constructive but most of the comments here are far from it. Specially comments made when the talk was not even half way through. The English level has room for improvement but it takes guts to prepare a talk in a language which is not your mother tongue, go in front of 500 people and present a topic, whatever it is.

Well done Irene, we would totally have you again as a speaker and if you think you can do a much better job our call for papers will soon be open for next year!