Training Session Video
There will be two short presentations, one by Manuel Pais and another one by Mario Platt, followed by a discussion with everyone on the topics presented.
The ratio of developers to security is 1:100 or worse, according to multiple surveys. DevSecOps has raised the profile of security in IT but we still see a regular stream of serious data breaches exposing large security gaps in many organizations.
You might have heard a lot about shift left security, automated security testing in the delivery pipeline, container image scanning, and so on. These are all valuable techniques but… are we forgetting the power of collaboration, facilitation, and shared responsibilities?
By re-thinking our team structures and how they interact with security teams, we can find effective, team-oriented ways to beat the negative effects of that 1:100 ratio. This is what we did with DevOps, right? The DevOps topologies catalog compared and contrasted different team organization models to enable sharing of knowledge and responsibilities between dev and ops.
We need to do the same for DevSecOps and in this talk I will present a few possible approaches to bridge this painful security gap. These are conversation starters and not an end in themselves. Let’s discuss the pros and cons, and in which contexts different approaches are suitable.
In security teams, we tend to adopt a static approach to team creation, leading to all sorts of problems relating to org-chart thinking and the impact of Conway’s law. Using Team Topologies, we can start being more deliberate in how we organise our security teams and also in how we interact with other teams in the organisation.
This section is an exploratory exercise in which we will all participate, applying Team Topologies concepts to the organisation of cyber security teams so we can document the results and share them with the community.