Build resilient systems at scale
October 12–14, 2015 • New York, NY

Security with the speed of continuous delivery

Tapabrata Pal (Capital One), Ty Sbano (Capital One)
4:25pm–4:55pm Monday, 10/12/2015
Location: Rhinelander South
Average rating: ***..
(3.00, 3 ratings)

Prerequisite Knowledge

Intermediate experience with DevOps tools, practice. Intermediate experience with continuous integration, deployment


DevOps has arrived at large enterprises, but security often gets left in the dust. As the delivery cycle gets faster and fine-tuned, it is critical to ensure that security is considered a subset of quality. It is always challenging to embed security in the delivery pipeline for a large regulated enterprise like Capital One.

Arm yourself with the knowledge of the DevOps chain, and learn how Capital One has embedded security in DevOps via shifting left, automating, and rapid feedback mechanisms. Capital One’s automated security checkpoints are active during design time, build time, and run time. There is also a strong partnership built with Development, Quality, and Enterprise Architecture organizations that is essential to enable secured continuous delivery.

In this session, we will review the tools, automation, collaboration between organizations, and feedback mechanisms that Capital One has implemented to enable secured continuous delivery. We will also review some roadblocks and gaps that we have as of today, and what we are doing about those.

Photo of Tapabrata Pal

Tapabrata Pal

Capital One

Tapabrata Pal is a senior director and senior engineering fellow at Capital One, where he focuses on DevOps and continuous delivery at large scale in regulated environments and evangelizes and leads the company’s DevOps initiatives. Tapabrata has more than 20 years of IT experience in roles including developer, operations engineer, and architect in the retail, healthcare, and finance industries. Previously, he spent some time in academia doing doctoral and postdoctoral research in the field of solid state physics. Tapabrata is the community manager of and a core contributor to the Hygieia open source project.

Photo of Ty Sbano

Ty Sbano

Capital One

Ty Sbano is the director of application security for Capital One Financial. Ty oversees secure coding training, application risk profiling, secure code reviews, open source security, and dynamic/manual penetration testing. Ty began his career as a security consultant focused on ethical hacking, security compliance, and vendor due diligence. During this time, he discovered his interest in financial services and has spent the past eight years focused on application security. Ty achieved a B.S. in information science and technology from Pennsylvania State University and an M.S. in information security and assurance from Norwich University. He currently holds the following certifications: CISSP, SSCP, CEH, and CPT.

Stay Connected

Follow Velocity on Twitter Facebook Group Google+ LinkedIn Group


More Videos »

O’Reilly Media

Tech insight, analysis, and research