Federated Africa and Middle East Conference on Software Engineering 7-8 June, 2022 Egypt-Uganda

Hasan Yasar

Technical Director, Adjunct Faculty Member at Carnegie Mellon

Biography

Hasan Yasar is the Technical Director of the Continuous Deployment of Capability group in the Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate and assure Transformation at the speed of relevance by leveraging DevSecOps, Agile, Lean AI/ML and other emerging technologies to create a Smart Software Platform/Pipeline. Hasan has more than 25 years’ experience as a senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He is also an Adjunct Faculty member in CMU Heinz College and Institute of Software Research, where he currently teaches “Software and Security” and “DevOps: Engineering for Deployment and Operations”.

About the Talk

Reviewing the DevSecOps journey: What we learned on how to be a DevSecOps Elite

Abstract

We’ve spent the last six years studying the secure coding practices of DevOps and continuous delivery organizations by surveying over 20,000 software professionals. We’ve analyzed their staffing practices, educational priorities, automation choices, security tools usage and various software development processes that improve their cybersecurity preparedness. Our study has also uncovered details of where automation fails, awareness falls short, and breaches happen. We know, as a collective team, how to produce the highest quality of software by following a DevOps methodology. This methodology helps us enforce security checks at each phase in an SDLC. We learned many lessons on how automation helps improve security. For example, how happy developers vs. grumpy developers effect better software security. More specifically, recent surveys point out that mature DevOps practices are 3.6x more likely to consider security as a top concern and 2x more likely to have automated governance and compliance. In addition, mature DevOps practices are constantly testing, deploying, and validating that the software meets every requirement and allows for fast recovery in the event of a problem.
