A DevSecOps Maturity Model in 7 Words
By Derek Weeks
A few weeks ago, I delivered a lightning talk (5 minutes, 20 slides, auto-advancing every 15 seconds) at DevOps Enterprise Summit.
The talk was inspired by a conversation I had with Navin Vembar about a DevSecOps Maturity Model his organization developed at the U.S. Government Services Administration (GSA). While several DevSecOps maturity models exist, Navin's started with seven important words that made all of the difference.
Take 5 minutes to watch this lightning talk now to learn how and why he used the words, "Not considered viable for a DevSecOps platform":
At the end of this presentation, I offered the audience a number of links that were tied to my out-of-office address there. Because my out-of-office message is no longer on, I have copied all of the links you will need here:
Navin Vembar’s DevSecOps Maturity Model from the U.S. General Services Administration
Here are four additional DevSecOps maturity models:
- https://www.sans.org/summit-archives/file/summit-archive-1510001450.pdf
- https://www.slideshare.net/AmazonWebServices/leveraging-cloud-transformation-to-build-a-devops-culture-aws-public-sector-summit-2016
- https://www.slideshare.net/shannonlietz/isaca-ireland-keynote-2015
- https://www.slideshare.net/DevOpsWebinars/security-at-the-speed-of-software-development
Also, for the latest in DevSecOps blogs and event updates, I invite you to visit:
I hope Navin's insights and seven key words can help you on your DevSecOps journey.
Written by Derek Weeks
Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.