search menu icon-carat-right cmu-wordmark

A Cybersecurity Engineering Strategy for DevSecOps

In this webcast, Carol Woody presents a strategy for cybersecurity engineering in DevSecOps environments.

Software Engineering Institute



The shift from waterfall and long-increment development and delivery to accelerated approaches such as DevSecOps demands an agile yet disciplined approach to assuring cybersecurity. Current approaches focus on “big bang” assessments at major milestones which, for a product undergoing rapid, continual change, amounts to taking a snapshot of a door that is closed, reinforced, and triple bolted, and assuming all is well. But turn your back and the door is likely to be opened a few seconds later to let in an electrician or bring in some new furniture or an appliance. How can you know whether to trust the electrician, or the work they do, or the materials they use? Will connecting that new dishwasher blow a fuse? Is there a bug, maybe a powderpost beetle, living in that end table? Similarly, seconds after a security assessment is complete, a bug fix or software update comes along. Now what?

Continuous approaches to cybersecurity have been developed and piloted in DevSecOps environments, but these generally focus on only a subset of essential components and processes. Assuring cybersecurity requires an integrated strategy that incorporates agile processes, methods, and decision aids to address security of the whole product as it evolves through its life cycle. This webcast will present a strategy for cybersecurity engineering in DevSecOps environments.

What attendees will learn:

• the scope of a cybersecurity engineering strategy for DevSecOps
• the challenges of applying the strategy to integrate cybersecurity into DevSecOps
• the criticality of sharing information with direct and indirect stakeholders

About the Speaker

Headshot of Carol Woody.

Carol Woody

Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the challenges of cyber security in acquisition, system and software engineering.  CSE is building capabilities in defining, acquiring, …

Read more