Presentation – Jose Alvarez, DevSecOps – Security as Code, Beyond the Pipeline
Jose Alvarez is a DevSecOps Engineer
First, Jose defined DevSecOps and talked about some of the reasons security teams might want to go “agile.” He recommended reading The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford. Next, he explained some of the more useful tools for automation—such as Jenkins, Ansible, Puppet, and Chef—and some useful security tools—which include nmap, Nikto, the OWASP Dependency checks, and Metasploit.
The best part was the demonstration he did using Jenkins with the Blue Ocean plugin to run automated tests.
It was a very informative meeting!
Slides will be available for this meeting at https://www.members.issa.org/resource/collection/DA59637C-851B-4DB2-8B5B-977AB3118D4C/Dev-Sec-Ops_Presentation__1_.pptx