Hasan Yasar
CERT
Hasan Yasar is the Technical Director of the Continuous Deployment of Capability group in the SSD Division of the Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate, and assure transformation at the speed of relevance by leveraging DevSecOps, Agile, Lean AI/ML, and other emerging technologies to create a Smart Software Platform/Pipeline. Hasan has more than 25 years’ experience as a senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management; network security assessment; automated, large-scale malware triage/analysis; medical records management; accounting; simulation systems; and document management. He is also an adjunct faculty member in CMU Heinz College and the Institute of Software Research, where he currently teaches “Software and Security” and “DevOps: Engineering for Deployment and Operations.”
His current areas of professional interests focus on
- secure software development, including threat modeling, risk management framework, and software assurance models
- secure DevOps processes, methodologies, and implementation
- software development methodologies (Agile, SAFe, DevOps)
- cloud-based application development, AI system development, deployment, and operations
- software architecture, design, development, and management of large-scale enterprise systems
Publications by Hasan Yasar
-
Welcome to DevSecOps Days Pittsburgh 2023
May 11, 2023 • Presentation
Hasan Yasar
This session was presented by Hasan Yasar at DevSecOps Days Pittsburgh, held virtually May 11, 2023.
read -
Top 5 Challenges to Overcome on Your DevSecOps Journey
May 01, 2023 • Webinar
Hasan YasarJoseph D. Yankel
In this webcast, Hasan Yasar and Joe Yankel discuss the top 5 challenges and barriers to implementing DevSecOps practices.
watch -
Finding Your Way with Software Engineering Buzzwords
November 30, 2022 • Webinar
Hasan Yasar
In this webcast, Hasan Yasar discusses the new technologies and buzzwords that are required to implement a complete software delivery pipeline.
watch -
Welcome to DevSecOps Days Washington, D.C. 2022
October 12, 2022 • Presentation
Hasan Yasar
In this session, Hasan Yasar welcomed participants to DevSecOps Days Washington, D.C., held virtually on October 12, 2022.
read -
DevSecOps for AI Engineering
June 23, 2022 • Podcast
Hasan YasarJay Palat
Hasan Yasar and Jay Palat discuss how to engineer AI systems with DevSecOps and explore the relationship between MLOps and DevSecOps.
learn more -
Welcome to DevSecOps Days Pittsburgh 2022
April 27, 2022 • Presentation
Hasan Yasar
This session was presented by Hasan Yasar at DevSecOps Days Pittsburgh, held virtually April 27, 2022.
read -
Panel Session: Evolving Threat Modeling for Agility and Business Value with DevSecOps
December 16, 2021 • Presentation
Hasan Yasar
This threat modeling panel session took place virtually at DevSecOps Days Washington D.C. 2021 on December 16, 2021.
read -
Welcome to DevSecOps Days Washington, D.C. 2021
December 16, 2021 • Presentation
Hasan Yasar
Hasan Yasar introduces and welcomes participants to DevSecOps Days Washington, D.C. 2021.
read -
Measuring DevSecOps: The Way Forward
October 14, 2021 • Podcast
William NicholsHasan Yasar
Bill Nichols and Hasan Yasar discuss the ways in which DevSecOps practices yield valuable information about software performance that is likely to lead to innovations in software engineering metrics.
learn more -
Welcome to DevSecOps Days Los Angeles 2021
September 15, 2021 • Presentation
Hasan Yasar
Hasan Yasar introduces and welcomes participants to DevSecOps Days Los Angeles 2021.
read -
Can DevSecOps Make Developers Happier?
July 08, 2021 • Podcast
Hasan Yasar
Hasan Yasar discusses the cultural aspects of DevSecOps practices.
learn more -
Software Development Open Forum: Ask Hasan Anything!
June 30, 2021 • Webinar
Hasan Yasar
Hasan Yasar answers attendee questions on the software development lifecycle, DevSecOps, SBOM, career training, and the DoD Enterprise DevSecOps Initiative.
watch -
Welcome to DevSecOps Days Pittsburgh 2021
June 16, 2021 • Presentation
Hasan Yasar
Hasan Yasar introduces and welcomes participants to DevSecOps Days Pittsburgh 2021.
read -
Moving from DevOps to DevSecOps
May 13, 2021 • Podcast
Hasan Yasar
Hasan Yasar discusses how organizations can transition from DevOps to DevSecOps.
learn more -
Software Assurance Guidance and Evaluation (SAGE) Tool
May 03, 2021 • White Paper
Luiz AntunesEbonie McNeilHasan Yasar
The Software Assurance Guidance and Evaluation (SAGE) tool helps an organization assess the security of its systems development and operations practices.
read -
Announcing IEEE 2675 DevOps Standard to Build Reliable and Secure Systems
April 27, 2021 • Webinar
Hasan Yasar
In this webcast, our panel discusses personal experience applying DevOps principles and practices in organizations.
watch -
DevOps Enables Digital Engineering
March 17, 2021 • Webinar
Hasan YasarDavid James Shepard
In this webcast, Hasan Yasar and David Shepard introduce the relatively new concept of Digital Engineering and how they believe DevOps complements/enables Digital Engineering.
watch -
Rapid Adjudication of Static Analysis Alerts During Continuous Integration
December 15, 2020 • Video
Lori FlynnRobert NordHasan Yasar
Progress in research toward the rapid adjudication of static analysis alerts during continuous integration.
watch -
Achieving Continuous Authority to Operate (ATO)
November 30, 2020 • Podcast
Hasan YasarShane Ficorilli
Shane Ficorilli and Hasan Yasar sit down with Suzanne Miller to discuss Continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
learn more -
Welcome to DevSecOps Days DC 2020
October 02, 2020 • Presentation
Hasan Yasar
This presentation by Hasan Yasar of Software Engineering Institute was given virtually at DevSecOps Days DC 2020 on October 1, 2020.
read -
Challenges to Implementing DevOps in Highly Regulated Environments
May 28, 2020 • Podcast
Hasan YasarJose A. Morales
Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environment (HREs), exploring issues such as environment parity, the approval process, and compliance.
learn more -
Trust, Verify & Authorize with DevSecOps
April 29, 2020 • Webinar
Hasan Yasar
Hasan Yasar and Eric Bram discussed how the continuous aspect of communication and collaboration among developers and information security teams reinforces core DevOps principles.
watch -
At What Point Does DevSecOps Become Too Risky for the Business?
April 02, 2020 • Webinar
Hasan Yasar
This webcast covered the implementation of an automated, continuous risk pipeline that demonstrates how cyber-resiliency and compliance risk can be traced to and from DevSecOps teams working in the SDLC program and project levels.
watch -
Human Factors in Software Engineering
November 12, 2019 • Podcast
Andrew O. MellingerSuzanne MillerHasan Yasar
Andrew Mellinger, Suzanne Miller, and Hasan Yasar discuss the human factors that impact software engineering, from the communication tools they use to the environments where they work.
learn more -
DevOps in Highly Regulated Environments
June 27, 2019 • Podcast
Hasan YasarJose A. Morales
Hasan Yasar and Jose Morales discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in highly regulated environments.
learn more -
DevSecOps Implementation in the DoD: Barriers and Enablers
April 18, 2019 • Webinar
Hasan YasarEileen WrubelJeff Boleng
In this webcast, panelists discuss potential enablers of and barriers to using modern software development techniques and processes in the DoD or similar segregated environments.
watch -
Continuous Iterative Development and Deployment Practices
October 23, 2018 • Presentation
Eileen WrubelHasan Yasar
Discussion of Agile and DevOps approaches
read -
Build Secure Applications with DevSecOps
October 03, 2018 • Video
Hasan Yasar
Watch Hasan Yasar discuss how to "Build Secure Applications with DevSecOps."
watch -
Agile and DevOps: Your Questions. Our Answers.
April 27, 2018 • Webinar
Hasan YasarEileen Wrubel
Watch this lively discussion in which we answered attendee questions on all things Agile and DevOps.
watch -
Agile DevOps
April 19, 2018 • Podcast
Hasan YasarEileen Wrubel
Eileen Wrubel and Hasan Yasar discuss how Agile and DevOps can be deployed together to meet organizational needs.
learn more -
Implementing DevOps Practices in Highly Regulated Environments
April 02, 2018 • White Paper
Jose A. MoralesHasan YasarAaron Volkmann
In this paper, the authors layout the process with insights on performing a DevOps assessment in a highly regulated environment.
read -
Oh No, DevOps is Tough to Implement!
March 27, 2018 • Presentation
Hasan Yasar
This presentation explains DevOps, common misconceptions and roadblocks, and how you can use DevOps to help your organization reach new heights of efficiency and productivity without getting frustrated.
read -
How Risk Management Fits into Agile & DevOps in Government
February 01, 2018 • Podcast
Timothy A. ChickWill HayesEileen Wrubel
In this podcast, Eileen Wrubel, technical lead for the SEI's Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together.
learn more -
Implementing Secure DevOps Assessment for Highly Regulated Environments
September 01, 2017 • Conference Paper
Hasan Yasar
This paper describes advantages and some of the challenges of applying DevOps to highly regulated entities in industry, academia, and government.
read -
Integrating Security in DevOps
June 29, 2017 • Podcast
Hasan Yasar
In this podcast, Hasan Yasar discusses how Secure DevOps attempts to shift the paradigm for tough security problems from following rules to creatively determining solutions.
learn more -
SEI Cyber Minute: DevOps for Better Software Build
January 04, 2017 • Video
Hasan Yasar
Watch Hasan Yasar in this SEI Cyber Minute as he discusses "DevOps for Better Software Build".
watch -
Secure DevOps Process and Implementation
November 03, 2016 • Conference Paper
Hasan YasarKiriakos Kontostathis
This paper describes Secure DevOps theories, practices, and tools.
read -
Security Practitioner Perspective on DevOps for Building Secure Solutions
October 31, 2016 • Webinar
Hasan Yasar
This webinar covered the perspectives of security practitioners on building secure software using the DevOps development process and modern security approach.
watch -
Continuous Integration (Secure DevOps)
July 07, 2016 • Webinar
Hasan Yasar
Learn how to better identify process improvements at your organization through new perspectives on secure software development and delivery.
watch -
Where to Integrate Security Practices on DevOps Platform
April 11, 2016 • Article
Hasan YasarKiriakos Kontostathis
The article describes how to address security concerns early in the software development lifecycle and leverage that approach throughout the entire lifecycle.
read -
DevOps Panel Discussion
November 30, 2015 • Webinar
Kevin FallHasan YasarJoseph D. Yankel
CERT researchers discuss DevOps and its relationship to cybersecurity and the dynamic threat.
watch -
What DevOps Is Not!
June 30, 2015 • Webinar
Hasan Yasar
In this webinar, we'll talk about DevOps, its common misconceptions and roadblocks, and how you can use DevOps to help your organization reach new heights of efficiency and productivity.
watch -
Cyber Engineering Solutions Group: How We Create Innovative Solutions for People
March 05, 2014 • Poster
Barbora BatokovaHasan Yasar
With the increasing number of projects and the expansion of our team, we needed to capture our internal process and expertise so that we could effectively communicate our approach to new team members, the larger organization and our customers.
read