Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
06/29/2017

Integrating Security in DevOps

Hasan Yasar

Summary

The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks to fast development and release. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. In this podcast, Hasan Yasar discusses how the Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems.

Watch

Listen

Player Not Available. Download Podcast.

Categories: Performance and Dependability

About the Speaker

Hasan Yasar

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division. His group focuses on software development processes and methodologies, specifically on DevOps and development, and researches advanced image analysis, cloud technologies, and big data problems. It also provides expertise and guidance to SEI's clients. Yasar has more than 25 years’ experience as senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He is also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems, and document management. He is also an adjunct faculty member in the CMU Heinz College and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.

His current areas of professional interest include the following:

  • secure software development including threat modeling, risk management framework and software assurance model
  • secure DevOps process, methodologies and implementation
  • software development methodologies (Agile, Safe, DevOps)
  • cloud based application development, deployment and operations
  • software architecture, design, develop and management of large-scale enterprise systems