Last Day to Get an iPad mini, Surface Go 2, or Take $300 Off with OnDemand Training - Register Today!


To attend this webcast, login to your SANS Account or create your Account.

Extending DevSecOps Security Controls into the Cloud: A SANS Survey

  • Wednesday, October 28, 2020 at 1:00 PM EDT (2020-10-28 17:00:00 UTC)
  • Jim Bird, Eric Johnson


  • Cisco Systems
  • CloudPassage
  • ExtraHop
  • LogRhythm
  • Orca Security
  • Qualys
  • Rapid7 Inc.
  • Veracode

You can now attend the webcast using your mobile device!



​In previous years, SANS research has examined how security and risk management leaders are leveraging modern technologies, such as infrastructure as code, containerization and security automation, to manage security in fast-paced Agile and DevOps environments.

In this years survey, authors Jim Bird and Eric Johnson will continue to explore how organizations are extending their DevSecOps security controls beyond their on-premises environments into the public cloud to secure their cloud networks, services and applications. Some highlights from the survey investigations include:

  • How the cloud helps organizations move faster
  • Whether organizations are putting their emphasis more on the left (Dev) or the right (Ops) of DevSecOps as implemented in the cloud
  • How InfoSec can take advantage of DevOps feedback loops and experiments to continuously assess, learn and improve the security of systems
  • How cloud continuous integration, continuous delivery and configuration management tools are being used compared with on-premises options

Learn how to leverage best practices in DevSecOps in todays cloud-based environment and how to use the most effective tools and technologies. Register now and be the first to receive the associated report, written by SANS analyst Jim Bird and SANS Application Security Curriculum product manager Eric Johnson.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP), and an author of books on Agile Security and DevSecOps. He has worked at major technology organizations and financial institutions around the world in software development, operations and IT security.

Eric Johnson

Eric Johnson, Principal Security Engineer at Puma Security and Principal SANS Instructor, focuses on cloud security, DevSecOps automation, and building static analysis tools. His experience includes application security automation, cloud security reviews, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.