search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

  1. SEI
  2. Publications
  3. Digital Library
  4. Does your DevSecOps Pipeline only Function as Intended?

Does your DevSecOps Pipeline only Function as Intended?

January 2023 Webinar
Timothy A. Chick

In this webcast, Tim Chick discusses how using Model Based Systems Engineering, a DevSecOps model can be built.

Publisher:

Software Engineering Institute
Subjects

Watch

Abstract

Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services.

Using Model Based Systems Engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in which stakeholder needs are addressed with cybersecurity in all aspects of the DevSecOps pipeline. An assurance case can be used to show the adequacy of the model for both the pipeline and the embedded or distributed system. While builders of embedded and distributed systems want to achieve the flexibility and speed expected when applying DevSecOps, reference material and a repeatable defensible process are needed to confirm that a given DevSecOps pipeline is implemented in a secure, safe, and sustainable way.

What Attendees will Learn:

  • an approach to evaluate and mitigate the risk associated with attackers exploiting DevSecOps pipeline weaknesses and vulnerabilities
  • how to structure an assurance case around the core capabilities of a DevSecOps pipeline
     

About the Speaker

Timothy A. Chick

Timothy A. Chick

Timothy A. Chick is the CERT Security Automation Systems Technical Manager at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI).  He currently leads a team of software and system ...

Timothy A. Chick is the CERT Security Automation Systems Technical Manager at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI).  He currently leads a team of software and system engineers as they build and operate technical solutions for both internally funded research and customer facing prototypes and delivers trusted, valued, and relevant software engineering and cybersecurity approaches for software intensive systems through engineering and consulting support to DoD and DHS programs. In collaboration with technical experts across the SEI, the team assists organizations with the application of Agile and DevSecOps practices and the adoption of emerging technologies needed to keep pace with evolving opportunities, risks, and threats.

He is also an Adjunct Factory member at CMU’s Institute for Software Research (ISR) where he teaches courses on Agile and Software Project Management.

Prior to joining CMU, Chick worked for Naval Air Systems Command (NAVAIR), as a project manager, leading software development projects and software process improvement efforts for the E-2C Hawkeye Program, and as a software acquisition lead for the Vertical Take-Off and Landing Tactical Unmanned Aerial Vehicle (VTUAV) Program.

He holds an MS in Computer Science from Johns Hopkins University and a BS in Computer Engineering from Clemson University. For a complete Bio visit: http://www.linkedin.com/in/TimothyChick

Read more