search menu icon-carat-right cmu-wordmark

DevOps in Highly Regulated Environments

June 2019 Podcast
Hasan Yasar, Jose A. Morales

Hasan Yasar and Jose Morales discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in highly regulated environments.

“We can put all the tooling in. We can make all of the recommendations. If you can’t get the culture to shift, it is not going to work. It is just going to fail horribly. One of the things we do is we sit with them on a project for a while to see how it’s working for them and where changes need to be made.”


Software Engineering Institute





Highly regulated environments (HREs), such as finance and healthcare, are mandated by policies for various reasons, most often general security and protection of intellectual property. These policies make the sharing and open access principles of DevOps that much harder to apply. In this podcast, Hasan Yasar and Jose Morales, both researchers in the SEI's CERT Division, discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in HREs.


About the Speaker

Hasan Yasar

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division. His group focuses on software development processes and methodologies, specifically on DevOps and development, and researches advanced image analysis, cloud technologies, and big data problems. It also provides expertise and guidance to SEI's clients. Yasar has more than 25 years’ experience as senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He is also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems, and document management. He is also an adjunct faculty member in the CMU Heinz College and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.

Jose A. Morales

Jose Morales is a researcher with the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. He has conducted research in cybersecurity since 1998 with a current focus on behavior-based malware analysis and detection, suspicion assessment theory and implementation, mobile malware, and malware distribution networks. He has extensive experience in building dynamic analysis systems for executable programs on various platforms. He graduated with a Ph.D. in Computer Science from Florida International University in 2008. Before coming to Carnegie Mellon, he was a post-doctoral research fellow at the Institute for Cyber Security at the University of Texas, San Antonio. He is co-founder and moderator of the Hispanics in Computing email list. He is a Senior Member of the ACM and the IEEE.