The road to DevSecOps. Chapter 1: Governace

Mateo Martinez

Mateo Martinez

CEO

Lugapel

Abstract

In today’s fast-paced digital landscape, the imperative of integrating security seamlessly into the software development lifecycle has become paramount. DevSecOps, a paradigm that champions this integration, alongside the proactive approach of ““Shift Left,”” are concepts that have permeated the industry lexicon. Yet, while their significance is widely acknowledged, the challenge lies in charting a course for continuous improvement.

Determining the specific areas where an organization can enhance its security posture often elicits a sense of uncertainty. This is where the strategic utilization of established maturity models, such as the OWASP Software Assurance Maturity Model (SAMM) and the DevSecOps Maturity Model (DSOMM), becomes indispensable. These frameworks provide a structured methodology for assessing and advancing an organization’s DevSecOps capabilities.

A pivotal aspect of these models is their emphasis on governance. In this conference, we will delve into the governance expectations outlined by these models, examining the various implementation strategies and their respective advantages and disadvantages. By exploring these facets, we aim to equip attendees with the knowledge necessary to make informed decisions about their DevSecOps initiatives.

Ultimately, the goal is to provide actionable insights that facilitate the development of comprehensive roadmaps towards DevSecOps maturity. These roadmaps will serve as guiding frameworks, enabling organizations to systematically elevate their security practices and foster a culture of security throughout the software development lifecycle.

Speaker Bio

Currently pursuing a doctorate in Computer Science at the National University of La Plata (Argentina) on cyber-intelligence threats. Master in Computer Security (Spain). Computer Systems Engineer graduated with academic excellence. Specialized in Incident Response Centers by INCIBE, OEA and the University of León. Recognized information security professional at an international level with experience in information security since 2001. He has professional experience as a consultant, auditor, pentester, responsible for information security and as an information security manager in recognized international companies. It has the international certifications CISSP (Certified Information Systems Security Professional) of (ISC) 2, CEH (Certified Ethical Hacker) of EC-Council, ISO 27001 Lead Implementer of PECB, ISO 27032 Lead Cybersecurity Manager, ITIL, among others. He is a recognized speaker at local and international information security events. He is the founder of the OWASP Uruguay chapter and current chapter leader and actively participates in the organization of OWASP events such as the OWASP Latam Tour and the AppSec Latam. He is Professor of the Diploma in Cybersecurity at Universidad ORT Uruguay, Professor of the Diploma in Cybersecurity at UCOM (Paraguay) and professor of the Master in Cybersecurity at UTH Florida, Professor of the Master in Cybersecurity in TEC de Monterrey (México). CEO of Lugapel, Cybersecurity distributor in Latin America.

← Back to User Day