DevOps has arrived at large enterprises, but security often gets left in the dust. As the delivery cycle gets faster and more finely tuned, it is critical to ensure that security is considered a subset of quality. It is always challenging to embed security in the delivery pipeline for a large regulated enterprise like Capital One.
Arm yourself with the knowledge of the DevOps chain, and learn how Capital One has embedded security in DevOps through shifting left, automation, and rapid feedback mechanisms. Capital One’s automated security checkpoints are active during design time, build time, and run time. There is also a strong partnership with the Development, Quality, and Enterprise Architecture organizations, which is essential to enable secured continuous delivery.
In this session, we will review the tools, automation, collaboration between organizations, and feedback mechanisms that Capital One has implemented to enable secured continuous delivery. We will also review some roadblocks and gaps that we have as of today, and what we are doing about those.
Tapabrata Pal is a senior director and senior engineering fellow at Capital One, where he focuses on DevOps and continuous delivery at large scale in regulated environments and evangelizes and leads the company’s DevOps initiatives. Tapabrata has more than 20 years of IT experience in roles including developer, operations engineer, and architect in the retail, healthcare, and finance industries. Previously, he spent some time in academia doing doctoral and postdoctoral research in the field of solid state physics. Tapabrata is the community manager of and a core contributor to the Hygieia open source project.
Ty Sbano is the director of application security for Capital One Financial. Ty oversees secure coding training, application risk profiling, secure code reviews, open source security, and dynamic/manual penetration testing. Ty began his career as a security consultant focused on ethical hacking, security compliance, and vendor due diligence. During this time, he discovered his interest in financial services and has spent the past eight years focused on application security. Ty achieved a B.S. in information science and technology from Pennsylvania State University and an M.S. in information security and assurance from Norwich University. He currently holds the following certifications: CISSP, SSCP, CEH, and CPT.
©2015, O'Reilly Media, Inc.