Join event to build your agenda.

Can Cybersecurity and DevOps Collaborate to Achieve DevSecOps in a Cloud-Native World?


Mike Fraser
Sophos, VP of DevSecOps

Mike Fraser is currently VP of DevSecOps at Sophos after his startup Refactr was acquired in 2021; at Refactr he was co-founder, CEO and chief architect. Mike started his career in the United States Air Force working on F-15 fighter jets weapon systems and later as a cybersecurity engineer. While on active duty, Mike started his first company when he was 19 years old; a retail computer repair store. Mike has since founded multiple tech companies and is a regular speaker at numerous industry events, including Hashiconf, Hashitalks, KubeSec, various Microsoft events, RedHat AnsibleFest, DevOps Days, and All Day DevOps. He has published several feature articles including on TechCrunch, RSA 365, CRN, The New Stack, and http://DevOps.com and appeared on the cover of Channel Pro Magazine. Mike earned a bachelor's degree in application development from North Seattle College and has a master's degree in computer science from Seattle University. Mike aspires to be the world's coolest dad for his 7-year-old autistic daughter. In his spare time, he is creating an augmented reality app to help autistic children communicate better in social situations. 


DevSecOps is an inclusive term yet most security teams argue they remain left out of the effort to automate deployment processes. While DevOps teams and their tools are progressing along the automation curve, security teams are left to manual hand-offs from DevOps. As a result, DevOps and security teams struggle to collaborate as their organizations modernize and adopt cloud-native technologies.
Using the resources we already possess, is it possible for cybersecurity to gather speed and collaborate with DevOps? In this session, I will cover the current automation challenges faced by cybersecurity, namely a lack in collaborative when it comes to automation with DevOps. I will show how security tools can be used in DevSecOps pipelines to automate routine security tasks including: adding infrastructure-as-code security scanning before deploying Kubernetes clusters, scanning Kubernetes deployed on cloud infrastructure against the CIS K8s benchmark , and even performing remediation with Kubernetes in real-world DevSecvOps pipelines.
Cybersecurity is a growing field but the gap between DevOps and cybersecurity is widening. The faster we make DevSecOps a reality, the quicker we can enable cybersecurity teams to truly contribute in a collaborative approach with DevOps with cloud-native technologies.