TestGuild Devops Toolchain Podcast – AI-Powered Security Orchestration in DevOps

Team Wabbi

April 10, 2024

Click below to listen to TestGuild DevOps Toolchain’s interview with Wabbi’s Founder & CEO, Brittany Greenfield. She talks with host, Joe,  about the integration of security and development in the DevOps process.

This interview originally appeared on TestGuild DevOps Toolchain Podcast on April 10, 2024

AI-Powered Security Orchestration in DevOps

About the session
This transcript is from an episode of the Test Skill DevOps Tool Chain podcast. The host, Joe, is speaking with Britney Greenfield, CEO and founder of Wabbi, about the integration of security and development in the DevOps process. They discuss the concept of application security posture management, the future of DevOps, and the role of Wabbi in bridging the gap between security and development.

Key speakers
– Joe, Host
– Britney Greenfield, CEO and Founder of Wabbi

Agenda
– Introduction of Britney Greenfield and her work in DevOps and application security.
– Discussion on the future of DevOps and the integration of security into the process.
– Explanation of Wabbi’s role in application security posture management.
– Discussion on the challenges in integrating security into the DevOps process.
– Explanation of how Wabbi addresses these challenges and facilitates the process.
– Discussion on the current state of application security and the role of government and tech companies in it.
– Advice for those working in DevOps and security.

Takeaways
Takeaway: DevSecOps should be absorbed into DevOps, streamlining development

Brittany Greenfield believes that the term “DevSecOps” should be obsolete as security should be inherently integrated into DevOps, which itself should be part of standard development. The concept of DevSecOps was born out of the recognition of the need to integrate security into the efficiency-maximizing, silo-breaking practices of DevOps, but this integration has not been fully realized.

DevSecOps should exist as a term is it should just be DevOps which should just be development,” said Greenfield. She argued that the initial shift to DevOps was about maximizing efficiency through breaking down silos, but security was left behind due to its complexity and its different methodology.

Greenfield’s mission with Wabbi is to make DevSecOps obsolete by seamlessly integrating security into the development process, noting that “everybody recognizes that DevSecOps is the norm,” but most enterprises have only implemented DevSecOps without truly integrating it into their existing software development lifecycle process.

Takeaway: Application Security Posture Management can streamline security integration

Application Security Posture Management (ASPM) holds the potential to streamline the integration of security into the development process. ASPM leverages automation and orchestration to manage the end-to-end application security lifecycle as part of the software development lifecycle, allowing developers to focus primarily on developing code.

One feature of Wabbi, as explained by Greenfield, is that it “orchestrates the end-to-end application security lifecycle as part of the software development lifecycle.” This allows developers to just focus on developing code, while the security tasks are fed into the process at the right time.

Greenfield gave an example of how Wabbi works: when developers submit a pull request, Wabbi will automatically kick off a security scan, bring back the results, prioritize them, and if needed, block the pull request from being completed until the critical vulnerabilities are fixed.

Takeaway: Security should be more than just compliance

Greenfield emphasized that while compliance is important, security should not be merely viewed as a checkbox to tick off. She argued that security should also consider business risk and customer risk, and that each company has different security standards depending on its risk profile.

Greenfield criticized the idea of security being just about compliance, saying “if you’re only doing security to do compliance then you’re just doing check the box security.” She pointed out that each company, especially in large enterprises, treats their applications with different security risks.

She concluded by highlighting the importance of collaboration in achieving effective security, saying “at the end of the day all of this is just good development because it’s about good collaboration and breaking down silos.”

Insights surfaced
Application security posture management is a growing field that bridges the gap between security and development in the DevOps process.
– The integration of security into the DevOps process is a challenging but necessary step to ensure the safety and efficiency of software development.
– Wabbi is a platform that facilitates this integration by managing the end-to-end application security lifecycle as part of the software development lifecycle.
– The role of developers in the security process should not be to become security experts, but to work in collaboration with security professionals to ensure secure development practices.
– The future of application security will likely involve more government involvement and regulations, as well as the continued development of transformative technologies like application security posture management.

Key quotes
– “The reason I don’t believe DevSecOps should exist as a term is it should just be DevOps which should just be development right and if we think about where DevOps came from it was really about breaking down silos and DevSecOps is no different.”
– “Part of my mission with Wabbi is to make that term DevSecOps obsolete because it should just be the norm.”
– “We’ve created all of this data but it’s not enough to have data you have to have actionable information.”
– “We’re not expecting nor should we developers to suddenly start doing different things right they’ve got good workflows those will evolve as development evolves same with security they’ve got their own workflows.”
– “One actionable piece of information I think I can give that’s going to move the ball forward a lot faster is pick up a phone and call an application security manager.”

Related Articles

The Wabbi Wire: Announcing the 2024 State of Continuous Security

The Wabbi Wire: Announcing the 2024 State of Continuous Security

In case you didn't hear, Wabbi's Annual State of Continuous Security results are in and we're ready to share the our findings.  In this edition of the Wabbi Wire we'll highlight key trends in the industry, discuss insights we discovered on integrating security into...

Wabbi Announces Findings of Annual Continuous Security Report

Wabbi Announces Findings of Annual Continuous Security Report

BOSTON / Press Release / May 6, 2024 Progress in Integrating Security into Software Development, Progress in Adoption, but Bottlenecks Persist  Wabbi, the leading application security posture management platform, today announced the findings of its annual report on...

Application Security Posture Management for Developers

Application Security Posture Management for Developers

Why Application Security Matters to Me: Evaluating Application Security Posture Management (ASPM) for Developers   In today’s digital landscape, where cyber threats are constantly evolving, organizations must prioritize their cybersecurity measures to protect their...

Application Security Posture Management for AppSec Managers

Application Security Posture Management for AppSec Managers

Why Application Security Matters to Me: Evaluating Application Security Posture Management (ASPM) for AppSec Managers   In today’s digital landscape, where cyber threats are constantly evolving, organizations must prioritize their cybersecurity measures to protect...

The Imperfect Code – Rethinking Application Security

The Imperfect Code – Rethinking Application Security

Brittany Greenfield, Founder & CEO of Wabbi, joins host, Christian Hammer, on his podcast TechTastic. The discussion explores the evolving landscape of application security, highlighting its transition from a narrow focus to a broad, integral aspect of all...

The Entrepreneurial Spirit in Cybersecurity

The Entrepreneurial Spirit in Cybersecurity

Brittany Greenfield, Founder & CEO of Wabbi, joins The CTO Show with Mehmet host Mehmet to discuss the evolving challenges of cybersecurity in software development. Brittany shares her journey into the cybersecurity domain, revealing how Wabbi is pioneering the...

Wabbi Founder & CEO, Brittany Greenfield, Named 40 under 40

Wabbi Founder & CEO, Brittany Greenfield, Named 40 under 40

BOSTON, MA, USA / August 16, 2023  Brittany Greenfield, CEO & Founder of Wabbi, the leading ASPM platform, has been named to Boston Business Journal's prestigious 40 Under 40 list for 2024. This annual award honors 40 outstanding professionals under the age of 40...

Wabbi Named in Three Gartner® Reports as ASPM Sample Vendor

Wabbi Named in Three Gartner® Reports as ASPM Sample Vendor

BOSTON, MA, USA / August 1, 2023 For more information on Wabbi's Application Security Posture Management platform, visit https://www.wabbisoft.com. Wabbi, a leading provider of Application Security Posture Management (ASPM) solutions, is pleased to announce that it...

Wabbi Unlocks the Secret to Enterprise Secrets Management

Wabbi Unlocks the Secret to Enterprise Secrets Management

Wabbi unveils new Secrets Mangement solution as part of their leading application security posture management and orchestration platform. BOSTON, MA, USA / May 17, 2023 /Originally Published at EINPresswire.com Today, Wabbi, a leader in Application Security Posture...

Application Security Posture Management for AppSec Managers

Application Security Posture Management for AppSec Managers

Why Application Security Matters to Me: Evaluating Application Security Posture Management (ASPM) for AppSec Managers   In today’s digital landscape, where cyber threats are constantly evolving, organizations must prioritize their cybersecurity measures to protect...

Application Security Posture Management for VP of Engineering

Application Security Posture Management for VP of Engineering

Why Application Security Matters to Me:Evaluating Application Security Posture Management (ASPM) for VPs of Engineering In today’s digital landscape, where cyber threats are constantly evolving, organizations must prioritize their cybersecurity measures to protect...

Application Security Posture Management for CISOs

Application Security Posture Management for CISOs

Why Application Security Matters to Me: Evaluating Application Security Posture Management (ASPM) for CISOs   In today's digital landscape, where cyber threats are constantly evolving, organizations must prioritize their cybersecurity measures to protect their...

What is Continuous Security and Why is it Important?

What is Continuous Security and Why is it Important?

What is Continuous Security And Why Is It Important? Executives across every industry and company size have made cyber-security a top priority. This has not just driven the adoption of new technologies, but created an overall mindset shift to proactive cybersecurity -...

From ASOC to ASPM: Evolving from AppSec Monitoring to Observability

From ASOC to ASPM: Evolving from AppSec Monitoring to Observability

Application Security Posture Management (ASPM) ASPM is the practice of monitoring and managing an organization’s application security program in response to internal and external signals as an integrated part of the software development lifecycle (SDLC).  Application...

2024: The Year of the ASPM Revolution

2024: The Year of the ASPM Revolution

2023 solidified Wabbi’s position as not just a trailblazer, but a leader in the ASPM domain, as we continued to deliver on our mission to simplify the integration of security into the software development lifecycle so organizations can realize the promise of...

What is Application Security Orchestration & Correlation?

What is Application Security Orchestration & Correlation?

What is Application Security Orchestration & Correlation (ASOC)? Application Security Orchestration & Correlation is the use of automation to manage components of an application security program in response to a pre-defined workflows to enable integration into...

What is Risk-Based Vulnerability Management?

What is Risk-Based Vulnerability Management?

Risk-Based Vulnerability Management (RBVM) is a security strategy that aligns the risk profile of an organization with its remediation efforts in application security. It is designed to ensure that an organization's resources are utilized efficiently and effectively...

What is Vulnerability Management?

What is Vulnerability Management?

What is Vulnerability Management? Vulnerability management is the traditional core of an Application Security strategy. It is not just enough to scan, you have to aggregate and prioritize the results. As 2/3 of organizations use at least 11-20 application security...

0 Comments

0 Comments