Get unparalleled cyber security training from real-world practitioners in Nashville. Save $200 thru 10/30.


To attend this webcast, login to your SANS Account or create your Account.

Secure DevOps: Fact or Fiction? SANS Survey Looks at Reality, Part I

  • Thursday, November 8th, 2018 at 1:00 PM EST (18:00:00 UTC)
  • Jim Bird, Barb Filkins, Dan Kuykendall, Zane Lackey, and Rani Osnat
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Aqua Security Inc.
  • Veracode
  • Qualys
  • Rapid7 Inc.
  • Signal Sciences
  • WhiteHat Security

You can now attend the webcast using your mobile device!


In previous years, SANS research has examined how application security programs have kept pace with the increasing speed of delivery in agile and DevOps organizations. But integrating security into DevOps requires more than speed. To be truly effective in today's on-premise, cloud and hybrid environments, it requires new mind-sets, processes and tools. A new survey of SANS practitioners has examined how security and risk management leaders will manage the collaborative, agile nature of DevOps to be seamless and transparent in the development process.

In this webcast, Part 1 on the topic, SANS Analyst Authors Jim Bird and Barb Filkins will reveal how practitioners are handling evolving DevOps requirements and challenges, and how they're integrating security into the process.

Results will initially be discussed at the Secure DevOps Summit & Training, Oct. 22-29, 2018. Click here to view the whitepaper.

Register for Part II of this webcast here.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP) and a popular blogger on agile development, DevOps and software security at his blog, "Building Real Software." He is the CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. Jim is an experienced software development professional and IT manager, having worked on high-integrity and high-reliability systems at stock exchanges and banks in more than 30 countries. He holds PMP, PMI-ACP, CSM, SCPM and ITIL certifications.

Barbara Filkins

Barbara Filkins, SANS Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Dan Kuykendall

Dan Kuykendall is the senior director of application security products at Rapid7, where he directs the strategic vision, research and product development for the company’s application security solutions. In addition to keeping up with the latest attack patterns, Dan remains focused on one of the toughest aspects of application security: the rapidly evolving web and mobile application development trends. He does this with the philosophy that we need to help security experts keep up by automating as much as possible to free up pen testers for the tough work that requires human brains.

Zane Lackey

Zane Lackey is the founder of Signal Sciences Corporation and serves as its CSO. Before co-founding Signal Sciences, Zane built and led the Etsy Security Team, where he pioneered and published new approaches to practical defense based on his background in offensive security. A respected voice in the industry, he serves on advisory boards at the Internet Bug Bounty Program and the U.S. State Department-backed Open Technology Fund. He's also been featured by BBC, Associated Press, Forbes and Wired and invited to lecture at top industry conferences and universities.

Rani Osnat

Rani Osnat is VP of product marketing at Aqua Security, a container and cloud-native security platform provider. He is a frequent blogger and presenter on the topics of container security, Kubernetes security, and DevSecOps. Rani has more than 20 years of enterprise software industry experience, including a decade as VP of marketing for innovative tech startups in the cybersecurity and cloud arenas. Prior to that, Rani was a management consultant in the London office of strategy consultancy Booz & Co. He holds an MBA from INSEAD in Fontainebleau, France. Rani is an avid wine geek, and a slightly less avid painter.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.