Discussing security in a world of rapid changes and continuous delivery: DevSecCon London

Information Security has always been an important topic, and it gets more and more attention every day from different industries. Currently, tech businesses are demanding quick software releases cycles for new updates and features, leaving security in the background. It tends to be managed as an afterthought and put into a reduced timeframe.

Security, however, should not be sacrificed for the sake of a speedy delivery. This is where DevSecOps comes in place.

But, what is DevSecOps?

DevSecOps is an approach that relies on the intense collaboration between development, security and IT-operations. The three core competencies together create ways to build security into the development process in a continuous manner, without neither impacting critical deadlines, nor delaying a software's release cycles.

In order to be able to react fast to the rapidly changing requirements and deliver a highly secure service, Sherpany follows the DevSecOps approach. With greatly skilled developers, security quality gates already early in the development lifecycle, automated security assessments and external assurance, Sherpany delivers a very high level of security for all information stored in the Sherpany Boardroom software.

Nevertheless, we strongly believe that it's essential to acknowledge industry trends and learn about best practices to overcome internal challenges. That is why security team members from Sherpany have attended this year's DevSecCon conference in London, which took place during the month of October.

The DevOpsCon event

The DevOpsCon conference is a platform for leading experts to showcase their ideas in order to give different perspectives on common topics of the industry. This year's edition gathered 22 expert speakers and 350 attendees from different countries, industries and backgrounds. They all met in the heart of London for two days of intense discussions and exchange of ideas on best practices, current trends and innovative approaches.

"Attending the conference allowed me to get a better grasp of the trends in the field. It was also a great opportunity to meet people that shared valuable know-how, and had a lot of insightful, experience-based learnings for all those participating." explains André Carpinteiro, DevSecOps Engineer at Sherpany

Of all presentations, one stood out because of its fascinating concept. Matthew Pendlebury, Senior Security Consultant, MWR InfoSecurity, and expert in organisational defensive security, talked about "attack aware application".

The concept reveals that if an application is “attack aware” it does not rely solely on external components, such as antivirus software, firewall solutions or intrusion detection systems to detect malicious activity. What it can do, however, is to detect an attack by itself, and even react to it appropriately. The concept brings to light a big advantage: this type of behaviour can result in another layer of security in order to protect the sensitive information.

DevOpsCon London's agenda offered other insightful talks about threat modelling, security automation and instrumentation and many other topics. The event brought together experts from the fields of DevOps and Security ensuring an environment of learning and support for participants to make sure that their development and delivery cycles are secure. This added to the successful outcome of the event and made the team from Sherpany excited to attend this year's conference.


For more information on the subject, we invite you to read about the importance of software security at Sherpany.