Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Extending DevSecOps Security Controls into the Cloud: A SANS Survey

  • Wednesday, October 28, 2020 at 1:00 PM EDT (2020-10-28 17:00:00 UTC)
  • Jim Bird, Eric Johnson


  • Cisco Systems
  • CloudPassage
  • ExtraHop
  • LogRhythm
  • Orca Security
  • Qualys
  • Rapid7 Inc.
  • Veracode

You can now attend the webcast using your mobile device!



​In previous years, SANS research has examined how security and risk management leaders are leveraging modern technologies, such as infrastructure as code, containerization and security automation, to manage security in fast-paced Agile and DevOps environments.

In this years survey, authors Jim Bird and Eric Johnson will continue to explore how organizations are extending their DevSecOps security controls beyond their on-premises environments into the public cloud to secure their cloud networks, services and applications. Some highlights from the survey investigations include:

  • How the cloud helps organizations move faster
  • Whether organizations are putting their emphasis more on the left (Dev) or the right (Ops) of DevSecOps as implemented in the cloud
  • How InfoSec can take advantage of DevOps feedback loops and experiments to continuously assess, learn and improve the security of systems
  • How cloud continuous integration, continuous delivery and configuration management tools are being used compared with on-premises options

Learn how to leverage best practices in DevSecOps in todays cloud-based environment and how to use the most effective tools and technologies. Register now and be the first to receive the associated report, written by SANS analyst Jim Bird and SANS Application Security Curriculum product manager Eric Johnson.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP), and an author of books on Agile Security and DevSecOps. He has worked at major technology organizations and financial institutions around the world in software development, operations and IT security.

Eric Johnson

Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevOps Automation, a co-author and instructor for both the brand new SEC510: Public Cloud Security: AWS, Azure, and GCP, and the upcoming SEC584: Cloud Native Security: Defending Containers & Kubernetes. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys. Read more about Eric here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.