Register by Tomorrow to Save $300 on 4-6 Day Courses at SANS Cyber Defense Initiative® in Washington, DC!


To attend this webcast, login to your SANS Account or create your Account.

Secure DevOps: Fact or Fiction? SANS Survey Looks at Reality, Part II

  • Friday, November 9th, 2018 at 1:00 PM EST (18:00:00 UTC)
  • Jim Bird, Barb Filkins, Chris Eng, Sandeep Potdar, and Hari Srinivasan
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Aqua Security Inc.
  • Veracode
  • Qualys
  • Rapid7 Inc.
  • Signal Sciences
  • WhiteHat Security

You can now attend the webcast using your mobile device!


New SANS research has asked practitioners how they're dealing with the rapid evolution of integrating security into application development. This new study, a follow-on to previous research into application security, delves into how security and risk management leaders will manage the collaborative, agile nature of DevOps to be seamless and transparent in the development process.

In this webcast, Part 2 on the topic, attendees will learn about incorporation of security into the software development lifecycle. Join SANS Analyst Authors Jim Bird and Barb Filkins, who will discuss the ongoing integration of development, IT and security, as well as the implications for practitioners.

Results will initially be discussed at the Secure DevOps Summit & Training, Oct. 22-29, 2018. Click here to view the whitepaper.

Register for Part I of this webcast here.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP) and a popular blogger on agile development, DevOps and software security at his blog, "Building Real Software." He is the CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. Jim is an experienced software development professional and IT manager, having worked on high-integrity and high-reliability systems at stock exchanges and banks in more than 30 countries. He holds PMP, PMI-ACP, CSM, SCPM and ITIL certifications.

Barbara Filkins

Barbara Filkins, SANS Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Chris Eng

Chris Eng is vice president of research at CA Veracode. A founding member of the Veracode team, he currently leads all security research initiatives including applied research, product security and Veracode Labs. Chris has led projects breaking, building and defending software in a career spanning nearly two decades. In addition to research, he consults frequently with stakeholders to advance application security initiatives. Chris is a frequent speaker and occasional review board member at premier industry conferences. Prior to Veracode, Chris was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency.

Sandeep Potdar

As the WhiteHat Security principal product manager for DevSecOps, Sandeep Potdar is responsible for product vision, strategy and direction of WhiteHat Sentinel Source (SAST), WhiteHat SCA and DevOps Integrations products at WhiteHat Security. Previously, he worked for Cognizant Technology Solutions for 11 years and provided technology consulting services to several Fortune 500 companies.

Hari Srinivasan

Hari Srinivasan, director of product management for Qualys' public cloud infrastructure platform integrations, has expertise in numerous enterprise software disciplines, including cloud automation and systems management, data center transformation, hybrid cloud, platform-as-a-service (PaaS) and database-as-a-service (DBaaS), compliance and configuration management. He previously worked at Oracle and Andale.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.