Presenters Shannon Lietz, Caroline Wong, Paula Thrasher
Hosted by Mark Miller
As the rest of the DevOps culture moves farther left, security remains mired in approaches applicable for 10 year old legacy systems. The landscape has changed from “build a wall” perimeter security to an everything-is-connected ecosystem of applications, APIs, and third parties. While there is no such thing as a default DevSecOps pipeline, there are key characteristics about the new product development methodology that can manifest as challenges for traditional security teams. Security teams must find a way to become embedded into every phase of the software supply chain, or run the risk of becoming hopelessly out of sync with contemporary software development.
Caroline Wong, Paula Thrasher, and Shannon Lietz bring decades of war stories to the table as practitioners on the frontlines of software security. Listen in as they present case studies, lessons learned, and practical tips for integrating “Sec” into DevSecOps. You will walk away from this session with practical tips on how to create your own team of internal security champions who will help you develop flexible, useful security practices that work in your current environment.
About Caroline Wong, Vice President of Security Strategy at Cobalt
Caroline Wong is the Vice President of Security Strategy at Cobalt (www.cobalt.io).Caroline’s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is a well known thought leader on the topic of security metrics and has been featured at industry conferences including RSA (USA and Europe), OWASP AppSec, and BSides. Caroline was featured as an Influencer in the 2017 Women in IT Security issue of SC Magazine and has been named one of the Top Women in Cloud by CloudNOW. She received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill in 2011. Caroline graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences and holds a certificate in Finance and Accounting from Stanford University Graduate School of Business.
About Paula Thrasher, CSRA, Director of Digital Services
Paula is the Director of Digital Services at CSRA and leads the Agile, Testing, User Experience and DevOps centers of excellence delivery organizations. She has over 18 years’ experience in information technology and works in the federal market leading agencies and teams towards Agile and DevOps. Paula’s first Agile project was in 2001, since then she has led 20+ programs and projects as an Agile developer, technical lead, Scrum master, or Agile coach. Her teams have helped three separate federal agencies migrate applications to Amazon AWS GovCloud, and done some other amazing DevOps ninja work along the way. Improvements experienced on Ms. Thrasher’s current program include increasing quantity of deployments by 220%, completing 18 months of backlog in 12 weeks, increasing quantity of features delivered by 30%, and using increasing automation around test and verification to accomplish 6 FTE worth of testing effort per 1 FTE. Last year she co-authored the paper Tactics for Leading Change with other industry leaders for IT Revolution and the DevOps Enterprise Forum. Paula holds a B.S. in Statistics from Carnegie Mellon University and is a Certified Scrum Master (CSM) and a Project Management Professional (PMP), but prefers learning new things through experience and working with smart people.
About Shannon Lietz
Intuit, Director, DevSecOps
Award winning leader in security innovation with experience developing emerging security programs for Fortune 500 companies: Intuit, ServiceNow, Sony, Sempra Energy, Savvis, Cable and Wireless, 99 Cents Only, Exodus, Bank of America, among others internationally. Received the Scott Cook Innovation Award in 2014 for developing and cultivating a world class Cloud Security Program that allows for sensitive data to be protected in AWS. Ms. Lietz is currently the Director of DevSecOps for Intuit where she is responsible for setting and driving the company’s Cloud Security Strategy, Roadmap, and full-scale Program in support of corporate innovation. She has previous experience as a Master Security Architect, an Entrepreneur, and often volunteers to educate on security topics. Ms. Lietz is a passionate DevSecOps and Rugged evangelist.