“DevOps” is an IT and web development movement more commonly associated with the private than the public sector. With a strong focus on process improvement to optimize the application development pipeline, DevOps allows big and small companies alike to deliver web applications with previously unimaginable speed and reliability, at frequencies sometimes shorter than a day. At first glance, such agility may seem incompatible with government IT security requirements based on layers of strong security controls and careful, methodical development and deployment processes. DevOps also commonly employs open source software, which faces new questions in light of recently discovered serious security vulnerabilities such as Heartbleed and Shellshock. This session will look at how DevOps concepts such as continuous integration and tools, and technologies including Jenkins, Git, Puppet, and Docker, can actually be used together effectively to not only streamline application delivery, but also to enhance overall security, compliance with government standards, and our ability to manage potential security threats by increasing automation and fostering collaboration between developers, system administrators, and security professionals.

Key Takeaways

  1. In the government, web security is compatible with speed and agility.
  2. When it comes to GovOps web application security, technology, teamwork, communication and commitment are equally important for success. The latest, greatest software tools are only a building block.
  3. In GovOps, new open source technologies together with open communication and open thinking offer significant benefits in web security by increasing visibility into our development processes and operations practices and our ability to shape and improve them.

Conference event time: 

  • 8:00 a.m. - 12:00 p.m. (Morning sessions)
Tuesday, September 22, 2015


  • Enchantment C-D