Description
Fireside Chat with the industry leader, Paysafe, on the topic of "Transforming Product Development with DevSecOps - Accelerating Speed, Enhancing Security, and Ensuring Compliance."

A: Welcome to the stage, thank you. They're about to close the doors, but let people come in, let's not keep anyone out. Hi everyone, my name is The Host, and I've been called to the stage. I know we're competing with six different rooms today, so thank you for choosing us for the 10 a.m. session this morning. You probably don't need to know much about me other than the fact that I've been in financial services, banking and fintech for the last 20 years.

A: My profile is on the app and on the website, and they've asked me to request you to please download it. It's called Money Next and it's great for networking as well as snooping up on speaker bios. Speaking of speakers, our first event today is a fireside chat and it's all about transforming product development with DevSecOps: accelerating speed, enhancing security and ensuring compliance.

C: From my side, currently I'm in the Enterprise business.

D: So I'm also an Enterprise Solution Architect. I began my professional journey back in time as a graphical developer, and then business process analyst, Scrum Master and delivery manager. My primary focus lies in the automation of various SDLC and security controls and gates, and the streamlining of repetitive tasks, boosting efficiency, productivity and dev autonomy. But apart from only.

C: You know, the development process follows the agile methodology, where the product is developed or incremented in iterations. Our developers work in cross-functional teams to ensure that quality and security are integrated throughout the entire development cycle. It's important to mention that automated security testing is an integral part of the process.

C: Static analysis, software composition analysis, DAST and so on, in order to ensure that potential security vulnerabilities and flaws are identified early in the process. We also promote the philosophy of continuous deployment and delivery, and once the products are delivered to production environments, we employ continuous monitoring tools to track the performance, availability and security of the system in real time.

C: Collaboration was very strenuous, given the range of tools in use, so GitHub definitely helped us to address those shortcomings and to speed up our application development with features like the automated pipelines and, basically, the concept. One specific example that I can give is our move from manual to automated requirement management. Before that, we used to maintain over a thousand CI/CD pipelines, which required one and the same change to be manually replicated to all environment jobs.

C: We addressed this by gathering a team of volunteering developers from all our business units and product areas. They were responsible for building the end-to-end pipelines, with all the security and code quality checks implemented into them, and the security teams were responsible for validating and approving the pipelines. In this way, we achieved the segregation of duties principle as well. The volunteering developers became champions and spread the knowledge to their peers.

C: We didn't have one central team responsible for migrating the actual projects of all teams. Dev teams were responsible for migrating the projects and services that they owned; for example, if a team owns certain microservices, then it is the responsibility of that team to migrate them to GitHub. So in this way, we achieved, in a short time, that the devs gathered a further, deeper understanding of the pipelines and the code, and as a side effect we got a very fast migration to GitHub. And how did you enable those teams?

D: About security, you can never be as creative as those seeking to circumvent it. People are actually quite ingenious and crafty, trying to cheat the system and to circumvent the rules, but even with the best intentions, people are prone to errors and oversights. So manual oversight alone is not enough to handle the scale and complexity of modern software development, and as our organizations grew and our development teams expanded, compliance with various rules, norms and regulations is becoming more and more challenging. What is more, new security vulnerabilities and threats are popping up constantly.

D: Another important aspect is that we managed to reduce the burden on the DevOps guys by transferring the CI pipeline ownership directly to the dev teams. So the quality gates prevented highly busy teams like DevOps from becoming a bottleneck for the deployments, and they also reduced the chance of the process being circumvented, and also drastically sped up product delivery and the frequency of releases.

D: Another thing that is worth mentioning is that having these security scanners built inside our pipelines is drastically shifting compliance left, from the very first code commit, and it also helps us reduce the chance of high severity issues escaping into production that might be really exploited. And what else? Yeah, showing our auditors and InfoSec guys that we have transparent and automated processes, we actually demonstrate our commitment towards quality, health and compliance. And, last but not least, a very important thing: the huge takeaway on our side was the establishment of the continuous deployment process.

D: It required quite a bit of justification, both in front of external auditors and the InfoSec guys, but it paid off the effort, as we managed to put in place some stable fortification in terms of security and quality. In parallel, we also started the envisioning of an internal monitoring tool called SDLC Monitor, which was really revolutionary because it empowered our developers to deploy their code to production directly with just a single clickable button, without having to wait for the DevOps guys to be available, without having to raise ServiceNow tickets. Yeah, they just deploy their code automatically to production.

D: So this tool is quite interesting. It provides something like a snapshot of the current SDLC quality health of our applications. It is constantly monitoring the adherence towards our preliminarily established security and quality gates, and another nice thing inside is the notion of the so-called SDLC score. It is shown over there. So it's an average calculation based on the whole bundle of security and quality criteria that is being measured for a particular service, and only when a service gains a 100 percent SDLC score is it deemed compliant and eligible for the continuous deployment process.

D: What does that imply? It means that, if that service decreases its score, for example due to a new vulnerability being captured, the pipeline will automatically prohibit and disable the continuous deployment option for that service, ensuring, of course, that only authorized and high quality code is being deployed to production automatically. So, to wrap the whole thing up.

D: Which provides a wide range of security capabilities like static analysis, dynamic analysis, fuzz testing, secret detection, infrastructure as code, compliance pipelines, etc., etc. So hopefully this bundle will help us further benefit from the shift to the community, where we have a single, transparent, positive user experience and embedded security trainings as well.

D: Yeah, so it's quite a viral topic indeed, so we are also excited by the potential benefits that AI can bring into that. That's our hope. It can, of course, help us automate some of our mundane tasks. It can help our developers with code suggestions, but code reviewer suggestions as well, which, as far as I know, are based on some merge request metadata.

D: Yeah, so if you imagine the GitHub pipeline, we are including a security job with our scans inside, and there's one job called SDLC checks, where we have all these preliminarily established gates: we should have two code reviewers, for example; we should have the PCI scope being set for our particular services; there are verifications for our security scanners, etc., etc. So, when the pipeline runs, these jobs are being checked, and if they fail, we just prohibit continuous deployment for the service. So, going one step further.

C: It was a journey. So, as I mentioned, prior to using the configuration as code capabilities, for example introducing the software composition analysis step and adjusting the pipeline, we needed to make this change to a thousand pipelines. Now we make the change only in the template, and these changes are automatically propagated to all the services and projects that are using this template. And I can tell, because I was involved in a single project before this one: it took like two years just to integrate SAST and SCA into the pipelines.

C: Yeah, in our case, it was good that actually our move to GitHub was a grassroots project. It came from the developers; they were complaining about what they were seeing, so we first moved to source code management and CI/CD, and once it was adopted and accepted by all the developers, they just started complaining a little bit: why do we have third-party security software when we can have it here?

C: We did some testing, a POC, and proved that with the built-in security checks our pipelines ran 24 minutes faster, which is an important increase, and not only the developers but the management is also working for this, for this collaboration in a single platform. So we kind of have the support from the dev community. So this really helps us.