
GSAW 2019 Tutorials

Tutorial H

DevSecOps: Build Secure Deployment Pipeline to Deploy Secure Application


Half Day




1:00 – 4:30 P.M.


Workshop Outline

  • What is DevOps?
  • Organizational Needs and linking Business into DevOps
  • Secure DevOps
  • DevOps Pipeline Security
    • Application Security
    • Security activities and automation techniques
    • OSS Dependency Management
  • Communication and Collaboration
    • Security culture
    • Effective communication amongst all stakeholders, including security and compliance teams
    • Micro learning culture on security
  • Infrastructure as Code
    • Environment hardening
    • Compliance check with IaC
    • First step to RMF/ATO
  • Continuous Integration & Testing
    • Automated Security Testing
    • Application specific penetration testing
    • Various Gateways on security testing and verification
  • Continuous Delivery/Deployment
    • Container Security
    • Authenticity of build and dependencies
    • Secure Deployment pipeline
  • Workshop Summary and Q/A


Hasan Yasar, Software Engineering Institute | Carnegie Mellon University


Hasan Yasar is the technical manager of the Secure Lifecycle Solutions group in the CERT Division of the Software Engineering Institute, Carnegie Mellon University. Hasan leads an engineering group on software development processes and methodologies, specifically on DevOps and development. Hasan has more than 25 years’ experience as a senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, and automated and large-scale malware triage/analysis. He is also an Adjunct Faculty member in CMU Heinz College and Institute of Software Research, where he currently teaches “Software and Security” and “DevOps – Modern Deployment”.

Description of Intended Students and Prerequisites

There are no prerequisites for this course. It is recommended that participants have some experience in the software development planning, delivery and deployment process.

What can Attendees Expect to Learn

Attendees will come away with a solid understanding of the realities of DevSecOps, from tools and techniques to culture and specific organizational business and operational needs. By focusing on common pitfalls and missteps, instructors will help attendees navigate the challenging tasks of adapting DevSecOps theories, practices, and tools to meet their particular business needs and security requirements and to provide measurable value to their organizations.