The Most Important Considerations in Building a DevSecOps Pipeline

November 6, 2019 Douglas Barbin

The Most Important Considerations in Building a DevSecOps Pipeline

A panel of 20 DevSecOps Pros was recently interviewed by Security Boulevard's Pam Chhum, to learn more about key considerations and best practices for building a DevSecOps pipeline. Schellman's Doug Barbin was included in that panel, and you can find his response below. Read other expert's responses in the full article on Security Boulevard's website.

Written by Pam Chhum

In a recent Threat Stack report, 44 percent of DevOps professionals we surveyed said that when it comes to security-related issues, they’d have to rely on someone else. Even if DevOps pros had the time to dedicate to security issues, many developers lack the expertise needed to improve the security of their applications. What’s more, security proves to be a significant roadblock in application development: 40 percent of those surveyed at this year’s RSA conference reported that the impact on agility and speed of application development and deployment is their most significant roadblock when it comes to implementing application security programs.

One solution is to introduce security earlier in the development process, but that’s often easier said than done. Threat Stack is purpose-built for Operations and Security teams running in the cloud, offering a security platform that’s intuitive for Ops teams so they can take ownership of security as well as complete visibility so you can take prompt action on suspicious behavior. And, Threat Stack’s Cloud Security Platform® now includes Application Security Monitoring at no additional cost to help you address common DevSecOps challenges —  all without slowing down your DevOps processes and workflows.

As more companies look to integrate security into the DevOps process, following best practices is key so DevSecOps becomes a benefit rather than a hindrance to your DevOps team’s productivity. To learn more about key considerations and best practices for building a DevSecOps pipeline, we reached out to a panel of DevSecOps pros and asked them to answer this question:

“What is the most important consideration in building a DevSecOps pipeline?”

Doug BarbinDoug Barbin is the Principal and Cybersecurity and Emerging Technologies Practice Leader of Schellman & Company, LLC, a global independent security and privacy compliance assessor.

“There needs to be traceability in an effective DevSecOps process…”

Actions taken by DevOps personnel need to be logged, especially those with justifiably higher levels of access that may bend traditional separation of duties definitions. Additionally, the procedures followed and tools utilized to perform security testing also need to generate trails to show auditors, regulators, and customers that controls are operating.

DevOps is reality; it has been for some time, and companies are utilizing the delivery model for the right reason. However, as an auditor, we frequently come in to see the commercial benefits while a software or cloud provider struggles to prove that the Sec in DevSecOps is really in place.

Read the full article at >>

About the Author

Douglas Barbin

As Chief Growth Officer and firmwide Managing Principal, Doug Barbin is responsible for the strategy, development, growth, and delivery of Schellman’s global services portfolio. Since joining in 2009, his primary focus has been to expand the strong foundation in IT audit and assurance to make Schellman a market leading diversified cybersecurity and compliance services provider. He has developed many of Schellman's service offerings, served global clients, and now focuses on leading and supporting the service delivery professionals, practice leaders, and the business development teams. Doug brings more than 25 years’ experience in technology focused services having served as technology product management executive, mortgage firm CTO/COO, and fraud and computer forensic investigations leader. Doug holds dual-bachelor's degrees in Accounting and Administration of Justice from Penn State as well as an MBA from Pepperdine. He has also taken post graduate courses on Artificial Intelligence from MIT and maintains multiple CPA licenses and in addition to most of the major industry certifications including several he helped create.

More Content by Douglas Barbin
Previous Article
FedRAMP at a Glance [Infographic]
FedRAMP at a Glance [Infographic]

Schellman has performed a third of FedRAMP assessed systems and is the #2 3PAO provider.

Next Article
The Age of Coordinated Ransomware – What Is It, What Can You Do?
The Age of Coordinated Ransomware – What Is It, What Can You Do?

Though ransomware attacks aren’t a recent phenomenon, they seem to be increasing in frequency and intensity...


First Name
Error - something went wrong!