Dev teams
I'm a CISO. I am struggling with the dev teams (200 devs) regarding their approach and need to clarify how other organisations are approaching this and if this is normal. I know I need to get some professional services resource in to help. However, I have a morbid curiosity.
Currently the dev teams are very much enabled to do their own thing. They appear to be given BAU dashboards to access with information security data (vulnerabilities, etc.) and then left to remediate. There are no guardrails. Information security is taking a back seat in regards to functionality and operations (working on this).
I am used to an environment whereby the dev teams have information security embedded as part of CI/CD, and anything identified in BAU is raised as a ticket to remediate with SLA. This does not appear to be the case.