The Most Important Considerations in Building a DevSecOps Pipeline

November 6, 2019 Douglas Barbin


A panel of 20 DevSecOps pros was recently interviewed by Security Boulevard's Pam Chhum to learn more about key considerations and best practices for building a DevSecOps pipeline. Schellman's Doug Barbin was included in that panel, and you can find his response below. Read the other experts' responses in the full article on Security Boulevard's website.

Written by Pam Chhum

In a recent Threat Stack report, 44 percent of DevOps professionals we surveyed said that when it comes to security-related issues, they’d have to rely on someone else. Even if DevOps pros had the time to dedicate to security issues, many developers lack the expertise needed to improve the security of their applications. What’s more, security proves to be a significant roadblock in application development: 40 percent of those surveyed at this year’s RSA conference reported that the impact on agility and speed of application development and deployment is their most significant roadblock when it comes to implementing application security programs.

One solution is to introduce security earlier in the development process, but that’s often easier said than done. Threat Stack is purpose-built for Operations and Security teams running in the cloud, offering a security platform that’s intuitive for Ops teams so they can take ownership of security as well as complete visibility so you can take prompt action on suspicious behavior. And, Threat Stack’s Cloud Security Platform® now includes Application Security Monitoring at no additional cost to help you address common DevSecOps challenges — all without slowing down your DevOps processes and workflows.

As more companies look to integrate security into the DevOps process, following best practices is key so DevSecOps becomes a benefit rather than a hindrance to your DevOps team’s productivity. To learn more about key considerations and best practices for building a DevSecOps pipeline, we reached out to a panel of DevSecOps pros and asked them to answer this question:

“What is the most important consideration in building a DevSecOps pipeline?”

Doug Barbin is the Principal and Cybersecurity and Emerging Technologies Practice Leader of Schellman & Company, LLC, a global independent security and privacy compliance assessor.

“There needs to be traceability in an effective DevSecOps process…”

Actions taken by DevOps personnel need to be logged, especially those with justifiably higher levels of access that may bend traditional separation of duties definitions. Additionally, the procedures followed and tools utilized to perform security testing also need to generate trails to show auditors, regulators, and customers that controls are operating.

DevOps is reality; it has been for some time, and companies are utilizing the delivery model for the right reason. However, as auditors, we frequently come in to see the commercial benefits while a software or cloud provider struggles to prove that the Sec in DevSecOps is really in place.
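To make the traceability point concrete, here is an added example that is not part of the article or of Schellman's or Threat Stack's tooling. It shows one way a pipeline can produce the kind of trail Doug describes: every security-relevant step (who ran which tool against what, with what outcome, and whether elevated access was used and why) is appended to a hash-chained audit log, so an auditor can both find the evidence that a control ran and check that the log was not edited after the fact. The record fields, tool names, commit identifier and ticket reference in the sample run are all constructed for illustration.

```python
"""Tamper-evident audit trail for DevSecOps pipeline steps.

Added example, not from the original article: each security-relevant
pipeline action (who ran which tool, on which commit, with what result)
is appended as a JSON record whose hash covers the previous record, so a
later reviewer or auditor can verify the trail was not edited or truncated.
Record fields and the sample pipeline run below are constructed.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first record


def _canonical(record: dict) -> bytes:
    # Stable serialization so hashes are reproducible across runs and hosts.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_record(trail: list, actor: str, action: str, tool: str,
                  target: str, outcome: str, privileged: bool = False,
                  justification: str = "") -> dict:
    """Append one audit record, chaining it to the previous one."""
    if privileged and not justification:
        # Elevated actions are exactly the ones auditors ask about, so refuse
        # to record them without a stated reason.
        raise ValueError("privileged action requires a justification")
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    body = {
        "seq": len(trail),
        "ts": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "tool": tool,
        "target": target,
        "outcome": outcome,
        "privileged": privileged,
        "justification": justification,
        "prev_hash": prev_hash,
    }
    body["hash"] = hashlib.sha256(_canonical(body)).hexdigest()
    trail.append(body)
    return body


def verify_trail(trail: list) -> bool:
    """Recompute every hash and link; False if any record was altered or removed."""
    expected_prev = GENESIS
    for i, rec in enumerate(trail):
        if rec["seq"] != i or rec["prev_hash"] != expected_prev:
            return False
        unhashed = {k: v for k, v in rec.items() if k != "hash"}
        if hashlib.sha256(_canonical(unhashed)).hexdigest() != rec["hash"]:
            return False
        expected_prev = rec["hash"]
    return True


def control_evidence(trail: list, tool: str) -> list:
    """Records showing that a given security control (tool) actually ran."""
    return [r for r in trail if r["tool"] == tool]


def sample_run() -> list:
    """Constructed pipeline run: SAST, dependency scan, a privileged exception, deploy."""
    trail = []
    append_record(trail, "ci-bot", "run_sast", "sast-scanner", "commit:abc123", "pass")
    append_record(trail, "ci-bot", "run_dependency_scan", "dep-audit", "commit:abc123", "fail:2 high")
    append_record(trail, "alice", "approve_exception", "manual", "commit:abc123", "approved",
                  privileged=True, justification="vendor patch pending, ticket SEC-42 (placeholder)")
    append_record(trail, "ci-bot", "deploy", "deployer", "prod", "success")
    return trail


if __name__ == "__main__":
    t = sample_run()
    print("trail valid:", verify_trail(t))
    t[1]["outcome"] = "pass"  # simulate after-the-fact editing of a scan result
    print("trail valid after tampering:", verify_trail(t))
```

The design choice worth noting is that the justification is mandatory only for privileged actions: that is where separation of duties bends, so that is where the trail must carry the reason, not just the event. In a real pipeline the trail would be shipped to write-once storage outside the CI system so the people whose actions it records cannot rewrite it.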


About the Author

Douglas Barbin

Doug Barbin is managing principal (and co-owner) responsible for firmwide growth and service delivery including new services, sales, global expansion, technology partnerships, business development, marketing, and key client relationships. During his more than 11 years at Schellman, he has been privileged to work with many of the world's leading cloud computing, federal, FinTech, healthcare, AI, and security provider clients. Doug has more than 24 years’ experience, starting with a then-Big 6 firm followed by a decade working in the cybersecurity and financial services industries. He maintains multiple CPA licenses, along with CISSP, CIPP, ISO 27001 Lead Auditor, and QSA certifications. He is very active in industry organizations and regularly speaks on commercial and government compliance and its application to cloud and other advanced technologies.
