Quintessence is a Developer/DevOps Advocate at PagerDuty, where she brings over a decade of experience breaking and fixing things in IT. At PagerDuty, she uses her cloud engineering background to focus on the cultural transformation, tooling, and best practices for DevOps. Outside of work, she mentors underrepresented groups to help them start sustainable careers in technology. She also has a cat and an aquarium with two maroon clown fish and a mantis shrimp, of The Oatmeal fame.
Let’s talk about security in an organization. Most commonly, security sits at or after the last phase of the software development life cycle (SDLC) and can make or break the decision to release into production. Unfortunately, waiting for such decisive feedback until after something has been built frequently means making changes after it has been marked as ‘complete’, which is costly and inefficient. We can learn from how we created shorter development cycles: rather than making Big Decisions at the very end, make smaller, iterative decisions throughout the entire journey that are easier to implement or reverse. One way to do that is by implementing DevSecOps, which adjusts the workflows of development, operations, and security so that security decisions are made on smaller scales at every phase of the SDLC. As with development and operations, even with preparation there can still be incidents (in this case, security incidents), so I’ll also be reviewing our 14 Step Secure Incident Response process, including the what and why of each step.