A Cybersecurity Engineering Strategy for DevSecOps
October 2021 • Webinar
Carol Woody, PhD
In this webcast, Carol Woody presents a strategy for cybersecurity engineering in DevSecOps environments.
Software Engineering Institute
The shift from waterfall and long-increment development and delivery to accelerated approaches such as DevSecOps demands an agile yet disciplined approach to assuring cybersecurity. Current approaches focus on “big bang” assessments at major milestones which, for a product undergoing rapid, continual change, amounts to taking a snapshot of a door that is closed, reinforced, and triple bolted, and assuming all is well. But turn your back and the door is likely to be opened a few seconds later to let in an electrician or bring in some new furniture or an appliance. How can you know whether to trust the electrician, or the work they do, or the materials they use? Will connecting that new dishwasher blow a fuse? Is there a bug, maybe a powderpost beetle, living in that end table? Similarly, seconds after a security assessment is complete, a bug fix or software update comes along. Now what?
Continuous approaches to cybersecurity have been developed and piloted in DevSecOps environments, but these generally focus on only a subset of essential components and processes. Assuring cybersecurity requires an integrated strategy that incorporates agile processes, methods, and decision aids to address security of the whole product as it evolves through its life cycle. This webcast will present a strategy for cybersecurity engineering in DevSecOps environments.
What attendees will learn:
• the scope of a cybersecurity engineering strategy for DevSecOps
• the challenges of applying the strategy to integrate cybersecurity into DevSecOps
• the criticality of sharing information with direct and indirect stakeholders
About the Speaker
Carol Woody, PhD
Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the ...
Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the challenges of cyber security in acquisition, system and software engineering. CSE is building capabilities in defining, acquiring, developing, measuring, managing, and sustaining secure software for highly complex networked systems as well as systems of systems.
Woody is an experienced technical researcher whose work has focused on government agencies, higher education, and medical organizations. She has helped them identify effective security risk management solutions, develop approaches to improve their ability to identify security and survivability requirements, and field software and systems with greater assurance.
As a consultant for ImageWork Technologies Corp., Woody managed the user testing for CITYTIME, a timekeeping application being developed for New York City. She also consulted with the Queens County District Attorney's Office of New York City to design and implement an electronic document management system. New York City's Administration for Child Services chose her to integrate financial information among state, city, and agency financial systems and also to construct a financial data warehouse and implement web-enabled processes for managing social service payments. As project manager at Yale University, Woody served as architect and implementing project manager for an integrated ID card solution, developed technical specifications and assisted users in vendor review and selection for a procurement package, designed and implemented expert system technology for distributed data collection, and managed a team of technicians supporting the financial operations of the university.
Woody holds a PhD in information science from Nova Southeastern University, an MBA from Wake Forest University, and a BS in mathematics from William and Mary.
Contact: Carol Woody