Due to a combination of a) development teams embracing Agile and DevOps and b) that security teams are often outnumbered by developers 100:1 or more in many companies, there's been a fundamental shift in how security teams need to operate. I've spent a significant amount of time studying how security teams at companies, large and small, have attempted to adapt to this new reality. There are a number of interesting trends in how work is prioritized, continuous code scanning (static and dynamic), scaling threat modeling and detection & response, investing in secure defaults, asset inventory, self-healing cloud environments, and more.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor's Page

DevSecOps / Scaling Security

Slide deck: https://docs.google.com/presentation/d/1lfEvXtw5RTj3JmXwSQDXy8or87_BHrFbo1ZtQQlHbq0/edit#slide=id.g6555b225cd_0_1069


[caption id="attachment_210" align="alignleft" width="120"]John Kinsella John Kinsella - Vice President of Container Security[/caption] [caption id="attachment_210" align="alignleft" width="120"]Mike Shema Mike Shema - Product Security Lead[/caption]


[caption id="attachment_210" align="alignleft" width="120"]Clint Gibler Clint Gibler - Research Director [/caption]


  • Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com selecting the webcast/training drop down from the top menu bar and clicking registration. In our first virtual training with Online Business Systems you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. In our next webcast with Gravwell, we will cut through the marketing buzzwords and teach you about collecting & analyzing logs in hybrid cloud environments.
  • CyberSecurity Exchange Day hosted by OSHEAN and the Pell Center was originally scheduled for Wednesday, March 18th and has currently been postponed. The new date is still TBD and we will keep you posted as soon as we hear more!
  • SecureWorld Boston was scheduled for March 25th & 26th at the Hynes Convention Center. The event has been postponed until further notice. We will keep you in the loop as soon as we know more!
  • InfoSecWorld 2020 was originally scheduled for March 30 - April 1, 2020 at the Disney Contemporary Resort! This conference has been rescheduled for June 22nd-24th due to COVID-19. Security Weekly listeners still save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!

[audio src="http://traffic.libsyn.com/sw-all/ASW_100_-_Clint_Gibler_NCC_Group-2_converted.mp3"]