OnDemand + GIAC = Relevant Skills, Proven Ability


To attend this webcast, login to your SANS Account or create your Account.

Building an Enterprise DevSecOps Program

  • Thursday, March 26th, 2020 at 10:30 AM EDT (14:30:00 UTC)
  • Rich Mogull and Chris Kirsch
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Veracode

You can now attend the webcast using your mobile device!


As an organization looking to innovate and secure your software development initiatives, all paths lead to DevSecOps. What is the best way to introduce DevSecOps? Where do you start? What are the foundational pieces? Register for this webinar hosted by the SANS Institute to hear application security experts offer answers to these questions.

During this webinar, Rich Mogull, Analyst at Securosis and Chris Kirsch, product leader at Veracode will outline how to put together a comprehensive DevSecOps program. Hear why it is important for security professionals to understand what development teams are trying to accomplish, and for developers to leverage automated security testing to be at least as agile as development.

Register for this webinar to understand:

  • The integration of security teams and testing with DevOps principles
  • How to structure an application security program
  • How to weave security in to the fabric of your DevOps automation framework

Speaker Bios

Chris Kirsch

Chris Kirsch works on the products team at Veracode and has over 20 years of experience in security, particularly in the areas of application security testing, security assessments, incident response, and cryptography. Previously, he managed Metasploit and incident response solutions at Rapid7 and held similar positions at Thales e-Security and PGP Corporation. He is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25.

Rich Mogull

Rich has twenty years of experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading, and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where hes happy to speak for free assuming travel is covered).

Prior to his technology career, Rich also worked as a security director for major events such as football games and concerts. He was a bouncer at the age of 19, weighing about 135 lbs (wet). Rich has worked or volunteered as a paramedic, firefighter, and ski patroller at a major resort (on a snowboard); and spent over a decade with Rocky Mountain Rescue. He currently serves as a responder on a federal disaster medicine and terrorism response team, where he mostly drives a truck and lifts heavy objects. He has a black belt, but does not play golf. Rich can be reached at rmogull (at) securosis (dot) com.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.