CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail

Chris Reed - Eli Lilly

Mar 28, 2018

Size: 301.2MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

Security is often implemented through bolt-on assessments including periodic testing that only happens once in a release or even annually. Manual security processes can no longer keep up in today's fast paced world of agile development, devops and constant vulnerabilities. DevSecOps, or Security as Code, is an approach that allows security staff to multiply resources and increase agility and speed. Executed properly it also provides the audit trail necessary to demonstrate control even in the most rigorous regulatory environments. This session will explore this approach in the context of regulated medical device software. We'll explore the integration of Software Composition Analysis (3rd Party Open Source Libraries), Static Source Code Analysis, Dynamic Testing along with automated verification leveraged to reduce the risk of security failures in development and post-market/production operations.

About the Speaker

Chris Reed, Director of Product Cybersecurity at Eli Lilly and Company

Chris Reed leads the Cybersecurity Program for digital products at Eli Lilly and Company. He has been an information security practitioner for over 15 years including roles designing corporate security protection/detection/response systems, managing security operations, applying security architecture at enterprise scale, leading vendor assessments, leading pen testing and developing security standards and policy. Currently he is focused on establishing the Product Cybersecurity Program including formalizing cybersecurity risk management to ensure adequate cybersecurity controls are designed into medical devices as well as establishing the necessary post-market practices of vulnerability management and incident response for Eli Lilly and Company.



Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.