Scribd Logo
Upload

Welcome to Scribd!

  • Starting Devsecops Initiative in Organization : Rusdi Rachim Devsecops Indonesia - Community Meetup - Sep 13, 2019

    Uploaded by

    Ravi Kumar Gali
    7 views10 pages
    Starting DevSecOps Initiative in Organization The document outlines an approach for starting a DevSecOps initiative in an organization. It discusses getting sponsorship and buy-in, scoping the work, establishing governance and security requirements, implementing security testing and code reviews, providing security training, and monitoring progress. The approach involves kickstarting the initiative through awareness events, appointing security champions, and meeting stakeholder objectives through a phased implementation focusing on automation, governance, and project delivery and support streams. Lessons learned include the resource intensity and need for ongoing ownership and improvement to maintain the DevSecOps approach.

    Original Description:

    Original Title

    5_6071166680711561386

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Starting DevSecOps Initiative in Organization The document outlines an approach for starting a DevSecOps initiative in an organization. It discusses getting sponsorship and buy-in, scoping the work, establishing governance and security requirements, implementing security testing and code reviews, providing security training, and monitoring progress. The approach involves kickstarting the initiative through awareness events, appointing security champions, and meeting stakeholder objectives through a phased implementation focusing on automation, governance, and project delivery and support streams. Lessons learned include the resource intensity and need for ongoing ownership and improvement to maintain the DevSecOps approach.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    7 views10 pages

    Starting Devsecops Initiative in Organization : Rusdi Rachim Devsecops Indonesia - Community Meetup - Sep 13, 2019

    Uploaded by

    Ravi Kumar Gali
    Starting DevSecOps Initiative in Organization The document outlines an approach for starting a DevSecOps initiative in an organization. It discusses getting sponsorship and buy-in, scoping the work, establishing governance and security requirements, implementing security testing and code reviews, providing security training, and monitoring progress. The approach involves kickstarting the initiative through awareness events, appointing security champions, and meeting stakeholder objectives through a phased implementation focusing on automation, governance, and project delivery and support streams. Lessons learned include the resource intensity and need for ongoing ownership and improvement to maintain the DevSecOps approach.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    Starting DevSecOps Initiative in

    Organization*
    RUSDI RACHIM
    DEVSECOPS INDONESIA – COMMUNITY MEETUP – SEP 13, 2019
    The Background

    Addressed BU Practical
    Non startup
    Pain Points Challenge Approach

    Less Enable Meet


    No Surprises
    Disruption Stakeholders Objectives
    The Approach
    Monitoring &
    Evaluation
    •Monitoring the deliveries
    Kickoff &
    •Evaluate
    Implementation
    •Lessons Learned
    •Get the attentions
    Awareness
    •Get Security Champions
    &”Selling”
    •Details
    •Get sponsors •Involved stakeholders
    Scope & Details
    •Awareness Events
    •Scope of Works •Get Management
    •WBS Supports
    Objectives &
    •Deliverables
    Alignment •Evaluation Strategy
    •Pain Points
    •Risks
    •Benefits
    The Components
    Security
    Security Security Security Code
    Design &
    Governance Requirements Review
    Architect

    Security
    Security Automation Secure Coding
    Awareness
    Testing Tool Tournaments
    Training

    Penetration
    Security
    Testing
    Champion
    Workshop
    The Streams
    Automation & Infrastructure

    Governance

    Stakeholder Enablement

    Project Delivery
    The Implementation
    Automation & Infrastructure

    Governance

    Stakeholder Enablement

    Project Support
    The Lessons Learned
    Resource
    Ownership Retention
    Intensive

    Wide &
    Continuation
    Deep
    The Continuation
    DevSecOps Pipeline Infrastructure

    Governance

    Stakeholders Enablement

    Project Support
    The Conclusion
    Resource
    Hard* Ownership
    Intensive

    Maintain
    Continuation Improvement
    Expectation
    The End
    LINKEDIN.COM/IN/ RUSDIR - @RUSDIR

    You might also like