When it comes to technology businesses or large ICT units inside organizations (e.g. universities), things are normally full steam ahead: project teams working across a number of different initiatives to uplift any number of capabilities, Business As Usual (BAU) teams working to maintain the company's ICT mission, and security teams working on governance and compliance or responding to cyber incidents. It is in fact this high tempo that led IT leaders to develop a new way of working to streamline processes and improve ICT output. This way of thinking paved the way for DevOps to emerge, an ICT operating model and strategy that combines the development and operations teams, enabling organizations to deliver applications and services at rapid velocity. You may ask: how do you secure such a fast-moving methodology?
A DevOps process comprises primarily five steps: Pre-commit, Commit, Acceptance, Production and Operations. I will address the Pre-commit, Commit and Acceptance stages, as this is where CI/CD hardening and protective controls reside; placing controls there shifts the security model left and achieves that elusive DevSecOps model. I will also explain the benefits of conducting out-of-band scanning via a scanning factory. Below is a brief explanation of my slides for my proposed presentation.