The March 2021 tech talk was presented by Larry Maccherone
A guiding principle of Comcast Cybersecurity is that we are no longer gatekeepers, but rather coaches and toolsmiths. Another, is that we favor building security in over bolting it on. Together, what this means is that the ownership of the problem of the security of the products shifts primarily to the teams that are developing those products. Further, the role of the cybersecurity group at Comcast shifts to supporting those engineering teams by developing and providing self-service tools that prevent problems or give automated feedback. We then provide coaching to help teams understand how best to use those tools and whatever other DevSecOps practices they need to adopt.
This talk dives deeper into what the above paragraph means and then presents original research quantifying the impact that various DevSecOps practices have on security risk outcomes so you can make an informed decision what to focus on first.
About the Presenter
Larry Maccherone is an industry-recognized thought leader on Lean/Agile, Analytics, and DevSecOps. He currently leads the DevSecOps transformation at Comcast as a Distinguished Engineer. Previously, Larry led the Insights product line at Rally Software where he published the largest ever study correlating development team practices with performance. Before Rally, Larry worked at Carnegie Mellon with the Software Engineering Institute (SEI) and CyLab for seven years conducting research on cybersecurity and software engineering.
Contact Larry on his LinkedIn page: https://www.linkedin.com/in/LarryMaccherone