Software Engineering Institute

Whose responsibility is security? DevSecOps has a mantra of making everyone accountable for security. We urge the C-Suite to put greater funding into security and our security teams, but we fail to make all our stakeholders aware of their responsibilities. DevSecOps is not responsible for security. They simply show us the way and put guardrails in place. In this talk, we discuss the issue of ownership of the problem and moving towards a unified solution.

Ruth Lennon is the director of Craobh Technology Consulting, providing personalized solutions to industry problems. Ruth has 20 years of experience as a lecturer in the Department of Computing at Letterkenny Institute of Technology, Ireland. Ruth's research interests focus on enterprise-scale systems with a particular focus on DevOps and Cloud technologies. She has been a member of many technical panels and committees, including NSAI/TC 2/SC 11 on cloud and distributed systems, NSAI/TC 2/SC 2 on Software Engineering, and ISO/IEC JTC 1/AG 3 'Open Source Software.' Ruth is a member of the working group developing the P2675 DevOps standard. Ruth's goal in DevOps is to ensure that security and performance are seen as core to development projects just as it is in configuration projects. Ruth has worked on security projects in the area of threat modeling and security reviews. In addition, Ruth is a member of the ACM, ACM-W, IEEE, IEEE-WIE, and the IEEE Computer Society. Ruth is the Chair of the ACM-W Europe.

Watch the video.