TestGuild Devops Toolchain Podcast – AI-Powered Security Orchestration in DevOps

Team Wabbi

April 10, 2024

Click below to listen to TestGuild DevOps Toolchain’s interview with Wabbi’s Founder & CEO, Brittany Greenfield. She talks with host, Joe,  about the integration of security and development in the DevOps process.

This interview originally appeared on TestGuild DevOps Toolchain Podcast on April 10, 2024

AI-Powered Security Orchestration in DevOps

About the session
This transcript is from an episode of the Test Skill DevOps Tool Chain podcast. The host, Joe, is speaking with Brittany Greenfield, CEO and founder of Wabbi, about the integration of security and development in the DevOps process. They discuss the concept of application security posture management, the future of DevOps, and the role of Wabbi in bridging the gap between security and development.

Key speakers
– Joe, Host
– Brittany Greenfield, CEO and Founder of Wabbi

Agenda
– Introduction of Brittany Greenfield and her work in DevOps and application security.
– Discussion on the future of DevOps and the integration of security into the process.
– Explanation of Wabbi’s role in application security posture management.
– Discussion on the challenges in integrating security into the DevOps process.
– Explanation of how Wabbi addresses these challenges and facilitates the process.
– Discussion on the current state of application security and the role of government and tech companies in it.
– Advice for those working in DevOps and security.

Takeaways
Takeaway: DevSecOps should be absorbed into DevOps, streamlining development

Brittany Greenfield believes that the term “DevSecOps” should be obsolete as security should be inherently integrated into DevOps, which itself should be part of standard development. The concept of DevSecOps was born out of the recognition of the need to integrate security into the efficiency-maximizing, silo-breaking practices of DevOps, but this integration has not been fully realized.

DevSecOps should exist as a term is it should just be DevOps which should just be development,” said Greenfield. She argued that the initial shift to DevOps was about maximizing efficiency through breaking down silos, but security was left behind due to its complexity and its different methodology.

Greenfield’s mission with Wabbi is to make DevSecOps obsolete by seamlessly integrating security into the development process, noting that “everybody recognizes that DevSecOps is the norm,” but most enterprises have only implemented DevSecOps without truly integrating it into their existing software development lifecycle process.

Takeaway: Application Security Posture Management can streamline security integration

Application Security Posture Management (ASPM) holds the potential to streamline the integration of security into the development process. ASPM leverages automation and orchestration to manage the end-to-end application security lifecycle as part of the software development lifecycle, allowing developers to focus primarily on developing code.

One feature of Wabbi, as explained by Greenfield, is that it “orchestrates the end-to-end application security lifecycle as part of the software development lifecycle.” This allows developers to just focus on developing code, while the security tasks are fed into the process at the right time.

Greenfield gave an example of how Wabbi works: when developers submit a pull request, Wabbi will automatically kick off a security scan, bring back the results, prioritize them, and if needed, block the pull request from being completed until the critical vulnerabilities are fixed.

Takeaway: Security should be more than just compliance

Greenfield emphasized that while compliance is important, security should not be merely viewed as a checkbox to tick off. She argued that security should also consider business risk and customer risk, and that each company has different security standards depending on its risk profile.

Greenfield criticized the idea of security being just about compliance, saying “if you’re only doing security to do compliance then you’re just doing check the box security.” She pointed out that each company, especially in large enterprises, treats their applications with different security risks.

She concluded by highlighting the importance of collaboration in achieving effective security, saying “at the end of the day all of this is just good development because it’s about good collaboration and breaking down silos.”

Insights surfaced
Application security posture management is a growing field that bridges the gap between security and development in the DevOps process.
– The integration of security into the DevOps process is a challenging but necessary step to ensure the safety and efficiency of software development.
– Wabbi is a platform that facilitates this integration by managing the end-to-end application security lifecycle as part of the software development lifecycle.
– The role of developers in the security process should not be to become security experts, but to work in collaboration with security professionals to ensure secure development practices.
– The future of application security will likely involve more government involvement and regulations, as well as the continued development of transformative technologies like application security posture management.

Key quotes
– “The reason I don’t believe DevSecOps should exist as a term is it should just be DevOps which should just be development right and if we think about where DevOps came from it was really about breaking down silos and DevSecOps is no different.”
– “Part of my mission with Wabbi is to make that term DevSecOps obsolete because it should just be the norm.”
– “We’ve created all of this data but it’s not enough to have data you have to have actionable information.”
– “We’re not expecting nor should we developers to suddenly start doing different things right they’ve got good workflows those will evolve as development evolves same with security they’ve got their own workflows.”
– “One actionable piece of information I think I can give that’s going to move the ball forward a lot faster is pick up a phone and call an application security manager.”

Related Articles

Tackling Dev Sec Ops in 2025: A Practical Path Forward 

Tackling Dev Sec Ops in 2025: A Practical Path Forward 

The misconception of DevSecOps as a collection of tools or isolated practices has held back its true potential. In 2025, the shift will be about embedding security within every phase of development—not as an interruption, but as an enabler of efficient, secure...

Why AppSec Orchestration Delivers ROI for Dev, Sec & Ops Teams

Why AppSec Orchestration Delivers ROI for Dev, Sec & Ops Teams

Building Tangible ROI Through Dev Sec Ops Investments  Historically, it has been tough to justify the ROI of cybersecurity investments because cybersecurity success often means nothing happened: no breaches, data losses, or compliance failures. This “absence of...

Wabbi Wire: Understanding the ASPM Landscape

Wabbi Wire: Understanding the ASPM Landscape

Wabbi Wire: Understanding the ASPM Landscape Welcome to the latest edition of the Wabbi Wire! In this issue, we dive deep into the evolving landscape of Application Security Posture Management (ASPM). As we continue to prioritize the integration of security within the...

Building Good Application Security Hygiene 

Building Good Application Security Hygiene 

In today’s fast-evolving tech landscape, application security (AppSec) hygiene is an essential factor for every business handling data. AppSec hygiene entails establishing thorough security processes, understanding risks, and ensuring that security protocols are...

DevSecOps: Unlocking the Convergence of Security and User Experience 

DevSecOps: Unlocking the Convergence of Security and User Experience 

In today’s technology landscape, balancing robust security with an optimal user experience (UX) and high-performance standards is a delicate act. As Wabbi’s CEO, Brittany Greenfield, recently shared, no code can ever be entirely flawless, and neither can security....

Wabbi Founder & CEO, Brittany Greenfield, Named 40 under 40

Wabbi Founder & CEO, Brittany Greenfield, Named 40 under 40

BOSTON, MA, USA / August 16, 2023  Brittany Greenfield, CEO & Founder of Wabbi, the leading ASPM platform, has been named to Boston Business Journal's prestigious 40 Under 40 list for 2024. This annual award honors 40 outstanding professionals under the age of 40...

Wabbi Named in Three Gartner® Reports as ASPM Sample Vendor

Wabbi Named in Three Gartner® Reports as ASPM Sample Vendor

BOSTON, MA, USA / August 1, 2023 For more information on Wabbi's Application Security Posture Management platform, visit https://wabbisoft.com. Wabbi, a leading provider of Application Security Posture Management (ASPM) solutions, is pleased to announce that it has...

Wabbi Unlocks the Secret to Enterprise Secrets Management

Wabbi Unlocks the Secret to Enterprise Secrets Management

Wabbi unveils new Secrets Mangement solution as part of their leading application security posture management and orchestration platform. BOSTON, MA, USA / May 17, 2023 /Originally Published at EINPresswire.com Today, Wabbi, a leader in Application Security Posture...

Tackling Dev Sec Ops in 2025: A Practical Path Forward 

Tackling Dev Sec Ops in 2025: A Practical Path Forward 

The misconception of DevSecOps as a collection of tools or isolated practices has held back its true potential. In 2025, the shift will be about embedding security within every phase of development—not as an interruption, but as an enabler of efficient, secure...

Why AppSec Orchestration Delivers ROI for Dev, Sec & Ops Teams

Why AppSec Orchestration Delivers ROI for Dev, Sec & Ops Teams

Building Tangible ROI Through Dev Sec Ops Investments  Historically, it has been tough to justify the ROI of cybersecurity investments because cybersecurity success often means nothing happened: no breaches, data losses, or compliance failures. This “absence of...

Building Good Application Security Hygiene 

Building Good Application Security Hygiene 

In today’s fast-evolving tech landscape, application security (AppSec) hygiene is an essential factor for every business handling data. AppSec hygiene entails establishing thorough security processes, understanding risks, and ensuring that security protocols are...

DevSecOps: Unlocking the Convergence of Security and User Experience 

DevSecOps: Unlocking the Convergence of Security and User Experience 

In today’s technology landscape, balancing robust security with an optimal user experience (UX) and high-performance standards is a delicate act. As Wabbi’s CEO, Brittany Greenfield, recently shared, no code can ever be entirely flawless, and neither can security....

Fortifying Your Defenses: How ASPM Can Combat MITM Attacks 

Fortifying Your Defenses: How ASPM Can Combat MITM Attacks 

Wabbi’s CEO, Brittany Greenfield, recently discussed with Forbes strategies organizations should adopt to strengthen their defenses and safeguard stakeholders from MITM attacks. So, we’re diving into why these types of cyberattacks are a wake-up call for improving...

Understanding the Application Security Posture Management Landscape

Understanding the Application Security Posture Management Landscape

As the importance of Application Security has grown, so has the confusion around how to successfully maintain the complete application security lifecycle– not to mention stay up to date with the alphabet soup of acronyms we must contend with. Consequently, as...

0 Comments
Subscribe to stay
Stay up to date on the latest in cyber security and how you should be protected.
Connected
Subscribe to stay
Stay up to date on the latest in cyber security and how you should be protected.
Connected
Learn how our solutions can streamline your Application Security program.
Get Insights on AppSec Orchestration
Learn how our ASPM program can streamline your application security.
Get Insights on ASPM SOLUTIONS
Learn how our DevSecOps program can integrate security into your development.
Get Insights on DevSecOps Solutions