What's The Difference Between AppSec And DevSecOps | At The Edge With Vandana Verma And Francesco Cipollone



How well is your AppSec program working? How well is your DevSecOps program working? Are these two functions separate in your organization, or do they operate as one unit? What skills differences are there between the two functions/roles if any? Are they part of your IT ops team? Part of your security team? Part of your engineering team? All of the above? None of the above?

Oh, wait … you’re not sure what the difference is between AppSec and DevSecOps? No problem, many organizations have this same question. And, as you can imagine, a good understanding of the answer(s) could make a significant difference in building a successful program that integrates application security as part of your IT, security, and engineering operations.

The good news is, on today’s show, we have two people deeply involved in both AppSec and DevSecOps, bringing with them years of experience working with numerous companies of all sizes from all over the world to help them bring their applications to production in a secure manner. Furthermore, not only do they have experience in operationalizing AppSec and DevSecOps, but they also lead teams and champion associations designed to help even more people make a move from “zero” to “hero” in their application security and secure development programs.

Demonstrating how complex this topic is, we all had a healthy level of agreeing to disagree as we went through the following items:

  • What are the definitions for AppSec and DevSecOps?

  • What are the maturity levels for AppSec on a global level?

  • Are buzzwords a good thing or a bad thing?

  • Does the application security team hold some of the same traits as the traditional InfoSec team?

  • What does it take to get from zero to hero; where do you start?

  • Which is a better approach: top-down or bottom-up?

These are just some of the many topics we dig into during this chat. And, while there wasn’t 100% agreement across the board for everything discussed, it’s safe to say we all agree that continued awareness, focus, and action surrounding the worlds of AppSec and DevSecOps are necessary.

Join us for the, err, disagreements. Leave with an agreement with yourself to take action.