Close the Gap: Bringing Engineering & Security/Compliance Together
October 2020 • Presentation
This presentation by Sare Ehmann of the Software Engineering Institute was given virtually at DevSecOps Days DC 2020 on October 1, 2020.
Software Engineering Institute
Do you dread talking to InfoSec? Does your security or compliance team slow down your releases? Do you find yourself building documentation for the purposes of this oversight that no one else uses? Is there a special person on your team who has the blessing to talk to security/compliance because they’re the only one who can get things approved? This talk is for you.
Join Sare as we talk about the friction between security, compliance, and engineering teams. You’ll learn how to reduce that friction to gain productivity. Throwing more communication at the problem rarely helps. Instead, Sare will introduce a paradigm they created for communicating with security/compliance teams that uses source control to achieve transparency and confidence. You’ll also get some free advice on how to repair the damaged institutional relationship with the security/compliance people for your team.
Sare Ehmann joined the SEI in April 2020 after spending 5 years as a software engineer/consultant with Pivotal (now VMware). At Pivotal, Sare helped many companies change the way they built and ran software, from upskilling their development competencies, to creating automated deployment pipelines, to agile culture transformation, to user-centered development and design.
Sare is passionate about:
- Test Driven Development & testing in general
- Pair Programming
- Software Development Wastes (and reducing them)
- Story Writing
- Cloud-Native Application Maturation
- Emergent Architecture as a feedback loop
- Effective Communication
- Allyship and Mentoring
Sare has had a LOT of bad jobs and terrible job experience, so has a high degree of empathy for people in toxic environments. Sare leverages this to help make clients' lives better, and to help people become better allies for their teammates. Sare also writes fiction books under a pseudonym.