Dev Sec Ops in Practice - A Middle TN ISACA Virtual Panel Discussion
Date and Time
Wednesday Dec 16, 2020
11:00 AM - 12:00 PM CST
12/16/2020 at 11:00 am CST to 12:00 pm CST (noon)
Location
PLEASE NOTE: A Zoom Webinar link will be sent to registrants via email on Tuesday, December 15th.
CPE Credits*: Up to 1 hour of credit will be issued to attendees. Survey questions will be posed during the session to verify virtual attendance.
* Credits certified and governed by NASBA.
Fees/Admission
This is a FREE event hosted by Middle TN ISACA, eligible for up to 1 hr CPE.
Speakers:
Co-Hosts: Penny Owen-Grogan (Business Development and Client Engagement Director, Trinisys) and Mark Brown (Program Management Support, Quantitech LLC).
Panelists: Travis Gregg (Principal, Trinisys, Board Member of NTC), Chris Bybee (VP of Professional Services, Trinisys), Leigh Ann Pepin (Business Analyst, Trinisys), Dennis Kabelac (Governance Risk Compliance Lead, Past President Ohio ISACA Chapter)
Website
https://www.eventbrite.com/e/devsecops-in-practice-a-virtual-panel-discussion-tickets-132047476557
Contact Information
Keith Jackson
President
president@isacanashville.org
Description
Event Description: Join the ISACA Middle Tennessee Chapter as our executive panel shares how they keep security in focus while developing solutions for healthcare clients in an Agile DevSecOps environment. Some of our discussion questions for the team are listed below; be sure to bring some of your own, or send them ahead of time to our Programs Director, Mark Brown, at m3000@bellsouth.net.
Summary of discussion questions:
- What types of applications or solutions are Trinisys engineers coding, and how does the "shift left" paradigm of identifying code errors, bugs, and security vulnerabilities early in the coding cycle apply to Trinisys’ development team?
- What's an actual business case example where the business need to produce a feature during an agile development cycle may have conflicted with security requirements? How was it resolved?
- Security, code scanning (SAST and DAST) and code documentation are often viewed as a roadblock by developers, but are required for IT Audit and for secure code development and deployment. Are these things truly at odds, and if so, how do you resolve the need to continuously produce code with the need to also maintain a high level of security for code checked in during the latest sprint for new platform features?
- Do you find there is a learning cycle for new development team members to adopt your internal secure coding standards and tools? If so, typically how long does it take?
- How is QA/Testing automated or streamlined so that all pertinent security requirements are considered and tested during relevant sprint cycle changes?
- What should IT Auditors be looking for as part of due diligence to determine whether a new healthcare app has been securely designed? How does this process differ when new features are added to an existing application?
- Are there specific reports that either development or QA should be expected to deliver to support the case that security has been appropriately addressed?