The CISO's Guide for Implementing DevSecOps in the Enterprise
Chapter Summary

Frans van Kessel
Chief Digital Officer @ APG
DevSecOps at APG
In this chapter, Frans van Kessel, Chief Digital Officer at APG, shares his view that DevOps and DevSecOps are not separate destinations but rather a journey towards improving security in the development process. Frans states that it is crucial to establish DevOps first, giving teams the autonomy to operate within provided frameworks. The integration of security into pipelines must then follow, with a shift towards addressing security earlier in the software development lifecycle. DevOps engineers must own responsibility for the security of their products, and a hacker mindset is critical to creating secure applications. Establishing dedicated health teams for each value stream, in conjunction with a central health team, can help manage and resolve security conflicts.
To enable a security-first mindset, organizations should prioritize security awareness training, e-learning, secure software development training, boot camps, gamification, challenges, and a Security First program. Continuous learning is also important, and organizations should facilitate this by enabling employees to take secure digital safety steps themselves.
Finally, van Kessel explains that by taking these steps, organizations can move towards a culture of DevSecOps that prioritizes security while continuing to improve and evolve their development processes.
BIO

Frans van Kessel works at the All Pensions Group. As the largest pension provider in the Netherlands, APG provides the pension for 4.8 million participants and manages more than 625 billion euros in assets. With approximately 3,000 employees, the financial institution operates from Heerlen, Amsterdam, Brussels, New York, Hong Kong, Shanghai and Beijing.
Frans has been with the company for no less than 40 years, making him a true APG ambassador. As Digital Officer, his primary focus area is digital security, supporting APG to achieve its digital ambitions. After all, the world is becoming increasingly digital and in order to continue to exploit the opportunities of digitization, cybersecurity has become extremely important. In this digital age, security can no longer be taken for granted.
Two current programs that Frans is particularly proud of in his leading role are:
- Threat intelligence-based ethical red teaming (TIBER), which strengthens the security and resilience of the organization and its live operational systems by simulating realistic attacks.
- Security First, which scales up essential security capabilities to a higher level through a range of initiatives to achieve business and IT objectives regarding digital safety and to improve and further expand the overall digital agility.
About the Book

As a leading provider of DevSecOps services, DevOn has seen firsthand how organizations can benefit from these transformations. But despite the widespread adoption of DevSecOps, there are still many misconceptions about what it is and what it can help you achieve. In this book, we address common concerns and misconceptions about DevSecOps, drawing on the insights of technology leaders from a variety of European organizations.
If you’re a modern-day leader looking to assess your organization’s performance or embark on a DevSecOps transformation, this book is a must-read. With the help of Irfaan Santoe, Rahul Sah, and Markus van Duijn, we’ve gathered the perspectives of 10 technology leaders from leading organizations to provide a comprehensive understanding of the current state and future of DevSecOps. Don’t miss out on the opportunity to gain valuable insights and learn from their organizations' performance.
About the Authors
Irfaan Santoe

Irfaan is a CISO, an Entrepreneur in InfoSec, and a Thought Leader in secure DevOps. He is on a mission to close the gap between the IT world of Development, Operations, and Security. Irfaan is the OWASP Chapter Leader in the Netherlands and actively contributes to open-sourcing security.
Rahul Sah

The Global CEO of DevOn, a technology consulting and software delivery organization, Rahul is passionate about helping organizations accelerate their journey toward high-performance enterprises.
Markus van Duijn

A DevOps enthusiast with 15 years of experience in agile, CI/CD, DevOps, security and leadership, Markus has seen firsthand how DevOps gets companies to a higher level by coaching, teaching, and experiencing DevOps principles.