
Yes, Application Security Leads to Better Business Value. Learn How from Experts.

Authors: David Zendzian, Larry Carvalho, Kirsten Newcomer, Hillary Benson


Summary

The importance of proper design and planning in cybersecurity for DevOps environments
  • Developers need to have proper design and security embedded in their sprints
  • Test-driven development and continuous testing are crucial
  • Incident response plans should include analysis of attack vectors and data usage
  • Immutable infrastructure has implications for incident response
  • Kubernetes community is working on capabilities for creating sandboxed environments
  • Shifting left enables developers to better enable a security conversation
  • SecOps is just as important as DevOps
One successful bank deployed an application with 58 microservices in eight weeks by embedding security in every sprint and continuously testing with test-driven development. Incident response plans included analysis of attack vectors and data usage.

Abstract

Cloud native technologies give organizations a much better toolset to gain the agility to meet business challenges. According to a CNCF survey, security is one of the top three challenges in migrating to cloud native architectures. Inadequate confidence in security leads to fewer innovative solutions. DevSecOps and Shift Left are security practices that ensure vulnerabilities are found much earlier in the development process, improving confidence to deploy cloud native applications. Larry Carvalho, Principal Consultant at RobustCloud, will moderate this session. Hillary Benson, from GitLab, will highlight how cloud native technologies, paired with the right strategy and toolset, present an outsized opportunity to drastically reduce unnecessary security risk. Kirsten Newcomer, from Red Hat, will share how to holistically secure your platform and application and enable teams to build secure pipelines with security controls as close to the developer as they wish. David Zendzian, from VMware, will discuss how shifting left security outcomes can only partially translate into building new skills for the developer community. In this session, you will hear examples of companies using application security practices to reduce the risk of non-compliance and deliver innovative solutions.
