Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

Secure DevOps: Fact or Fiction? SANS Survey Looks at Reality, Part II

  • Friday, November 09, 2018 at 1:00 PM EST (2018-11-09 18:00:00 UTC)
  • Jim Bird, Barbara Filkins, Chris Eng, Sandeep Potdar, Hari Srinivasan


  • Qualys

You can now attend the webcast using your mobile device!



New SANS research has asked practitioners how they're dealing with the rapid evolution of integrating security into application development. This new study, a follow-on to previous research into application security, delves into how security and risk management leaders will manage the collaborative, agile nature of DevOps to be seamless and transparent in the development process.

In this webcast, Part 2 on the topic, attendees will learn about incorporation of security into the software development lifecycle. Join SANS Analyst Authors Jim Bird and Barb Filkins, who will discuss the ongoing integration of development, IT and security, as well as the implications for practitioners.

Results will initially be discussed at the Secure DevOps Summit & Training, Oct. 22-29, 2018. Click here to view the whitepaper.

Register for Part I of this webcast here.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP), and an author of books on Agile Security and DevSecOps. He has worked at major technology organizations and financial institutions around the world in software development, operations and IT security.

Barbara Filkins

Barbara Filkins, SANS Analyst Program Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Chris Eng

Chris Eng is vice president of research at CA Veracode. A founding member of the Veracode team, he currently leads all security research initiatives including applied research, product security and Veracode Labs. Chris has led projects breaking, building and defending software in a career spanning nearly two decades. In addition to research, he consults frequently with stakeholders to advance application security initiatives. Chris is a frequent speaker and occasional review board member at premier industry conferences. Prior to Veracode, Chris was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency.

Sandeep Potdar

As the WhiteHat Security principal product manager for DevSecOps, Sandeep Potdar is responsible for product vision, strategy and direction of WhiteHat Sentinel Source (SAST), WhiteHat SCA and DevOps Integrations products at WhiteHat Security. Previously, he worked for Cognizant Technology Solutions for 11 years and provided technology consulting services to several Fortune 500 companies.

Hari Srinivasan

Hari Srinivasan, director of product management for Qualys' public cloud infrastructure platform integrations, has expertise in numerous enterprise software disciplines, including cloud automation and systems management, data center transformation, hybrid cloud, platform-as-a-service (PaaS) and database-as-a-service (DBaaS), compliance and configuration management. He previously worked at Oracle and Andale.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.