Chris Reed - Eli Lilly
Mar 28, 2018
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail"
Security is often implemented through bolt-on assessments including periodic testing that only happens once in a release or even annually. Manual security processes can no longer keep up in today's fast paced world of agile development, devops and constant vulnerabilities. DevSecOps, or Security as Code, is an approach that allows security staff to multiply resources and increase agility and speed. Executed properly it also provides the audit trail necessary to demonstrate control even in the most rigorous regulatory environments. This session will explore this approach in the context of regulated medical device software. We'll explore the integration of Software Composition Analysis (3rd Party Open Source Libraries), Static Source Code Analysis, Dynamic Testing along with automated verification leveraged to reduce the risk of security failures in development and post-market/production operations.
About the Speaker
Chris Reed, Director of Product Cybersecurity at Eli Lilly and Company
Chris Reed leads the Cybersecurity Program for digital products at Eli Lilly and Company. He has been an information security practitioner for over 15 years including roles designing corporate security protection/detection/response systems, managing security operations, applying security architecture at enterprise scale, leading vendor assessments, leading pen testing and developing security standards and policy. Currently he is focused on establishing the Product Cybersecurity Program including formalizing cybersecurity risk management to ensure adequate cybersecurity controls are designed into medical devices as well as establishing the necessary post-market practices of vulnerability management and incident response for Eli Lilly and Company.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...