CALL FOR SPEAKERS IS OPEN

• Event: DevOps Connect: DevSecOps Days
• Location: RSA Conference 2019, San Francisco, CA
• Date of DevOpsSec Day: Monday, March 4, 2019
• Time: 9:00am to 5:00pm, PST

NOTE: We have a strictly enforced “No Vendor” policy. This includes companies providing technology tools, services and consulting. Submissions from vendors will be immediately rejected.

Description

In the past few years, security integration within the DevOps pipeline has given rise to the idea of DevSecOps. Once seen as the bottleneck and inhibitor of the development and deployment process, security has become an integral part of the movement towards automation and the removal of manual oversight enforcement. As stated in the DevSecOps Manifesto, “We must adapt our ways to ensure data security and privacy issues are not left behind because we were too slow to change.”

There are practitioners in the field who are pushing forward with the idea of creating a secure application development pipeline, with security integrated from conception through deployment. In this year’s DevOps Connect: DevSecOps Day at RSA Conference 2019, you’ll hear stories from those practitioners, explaining how they made the cultural transformation from legacy development and deployment processes to integrated systems that include security as a part of the process, not as an overseer or bottleneck to secure application development.

This series of first person talks will give you a perspective on how you and your team can enable faster application development with more rapid deployment to production, while integrating security into your DevOps initiatives.

Presentation Restrictions

We have a strict “No vendor pitches” policy. We are looking for practitioners who can tell their story and help others see the path ahead. If you are a vendor, consultant or company who sells services or products, encourage your clients to tell their story.

How Submissions are Evaluated

We are looking for practitioners to discuss the unique challenges of adopting security into the DevSecOps pipeline, the obstacles to security being a contributing and valued partner in DevOps and the ways to overcome them. Specific topics we are looking for include, but are not restricted to:

• How did you get senior management buy-in? What did you do? How did you quantify the business value?
• Examples of security teams being integrated into the CI/CD or DevOps process
• How did you overcome objections inside the organization?
• How did you design and implement effective controls to mitigate security risks?
• Which business area (and application) did you start with, why, and what did you do?
• What were the top challenges, and how did you overcome them?
• What were your top mistakes, and what advice would you give as a result?
• In-progress stories (and even nightmares) are welcome!

Submission Guidelines

• Speaking slots are 20 minutes.
• Attendees must be able to use the bulk of the presentation’s lessons without buying or using a particular tool or service.
• While we love consultants and vendors (they’re some of our favorite people!), we are looking for stories from the organizations adopting these practices.

Each submission should end by communicating the core value in your message: how did you get security integrated into your DevOps initiative and what value did it provide to your project.