Develop invaluable cybersecurity skills through interactive training during SANS 2021 - Live Online. Register now.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Implementing and Maintaining a DevSecOps Approach in the Cloud - Tips, tricks, operational and security best practices

  • Wednesday, January 25, 2017 at 1:00 PM EST (2017-01-25 18:00:00 UTC)
  • Mark Bloom, George Gerchow


  • Sumo Logic

You can now attend the webcast using your mobile device!



Its no secret that continuous innovation and speed to market are mandating dynamic paradigm shifts in how companies conceive, develop and implement IT operations and security strategies. While this is all fine and well for the DevOps teams, for the folks managing security, these innovations bring up new challenges. Modern applications must be architected and managed with security in mind from the get-go, and building a SaaS offering that has security baked in is a whole new game.

DevSecOps is the name of the game, but there isnt always a clear path to implementation and adoption. Between protecting against major attacks that arrive on a daily basis to maintaining compliance with strict regulations, leaving the boundaries of traditional IT can leave some security professionals quaking in their boots.

Fear not, friends! There is a way to be secure and compliant in the cloud with the right approach. In this webinar, George Gerchow, VP of Security and Compliance at Sumo Logic, will do a deep dive into the steps it takes to successfully implement and maintain DevSecOps in your organization at scale. He will be discussing:

·        What it took to build a world-class data analytics service on AWS from the ground up

·        Technologies used to gain necessary operational and security visibility

·        Tips and tricks to maintain optimal levels of performance, integrity and availability of the data

·        How to best approach regulatory compliance in the cloud in pursuing certifications like PCI DSS, ISO 27001, CSA STAR, TRUSTe, SOC 2, Type 2, etc.

·        Challenges encountered in the journey and how they were addressed

Speaker Bios

George Gerchow

As Sumo Logic's VP of Security and Compliance , George Gerchow brings 18 years of information technology and systems management expertise to the application of IT processes and disciplines. His expertise impacts the security, compliance, and operational status of complex, heterogeneous, virtual and cloud computing environments. Gerchow's practical experience and insight from managing the infrastructures of some of the world's largest corporate and government institutions, make him a highly regarded speaker and invited panelist on topics including virtualization, ITSM\ITIL, configuration management, cloud secure architecture design, operational security, and compliance. He holds CISSP, ITIL, Cisco, and Microsoft Certifications. Gerchow is also the co-author of CIS Quick Start Cloud Infrastructure Benchmark v1.0.0. George is also a Faculty Member for IANS - Institute of Applied Network Security

Mark Bloom

Mark Bloom has over 15 years of sales, marketing and business development experience in a variety of financial service and high-technology markets. In the course of his experience, Mr. Bloom has helped F100 organizations develop technology infrastructures, build global strategies and execute sales and marketing programs with strategic partners. Past clients/employers have included Ford, Motorola, United Technologies, Cisco, Chrysler, SonicWall/Dell, Trend Micro and Compuware.

Mr. Bloom holds a Bachelor of Commerce degree in Management Information Systems and an MBA in International Business. He currently works for Sumo Logic, as Director Product Marketing, Compliance and Security.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.