DeveloperWeek Global: Enterprise 2020 DeveloperWeek Global: Enterprise 2020
Get your ticket or log in to build your agenda.

Practical DevSecOps: When NOT to Automate

- PST
Session Stage
Join on Hopin

Marissa Nishimoto
Yubico, Security Engineer

Marissa is a security engineer at Yubico. Her career is focused on product security and making sure developers have what they need to safely build cool stuff.


Your company has grown and has hired a security team, or a security person. We’re done, right? Everything is secure? Clearly, this is not the reality. Integrating security into development and operational practices is an ongoing, iterative process, and DevSecOps will look different across organizations. So no, you can’t just buy the same tools as everyone else and unlock the security achievement.

Effective DevSecOps is about recognizing where different functions add unique value and optimizing around that in order to continuously improve security of your products with the ultimate goal of keeping your customers and your company safe. In this talk, I’ll share some ways to more effectively utilize your security team and where automation can help you and your security team scale together.

The goal of this talk is to provide you with some tools to meaningfully discuss security improvements and give you options for where to start making immediate progress. I’ll be sharing some of the pitfalls I’ve experienced, including where automation can hinder your progress. I will also talk about how I think about prioritization of security improvements and share my perspective as a security engineer.