A DevSecOps Maturity Model in Seven Words

A few weeks ago, I delivered a lightning talk (5 minutes, 20 slides, auto-advancing every 15 seconds) at DevOps Enterprise Summit.

A conversation inspired the talk I had with Navin Vembar about a DevSecOps maturity model his organization developed at the U.S. Government Services Administration (GSA).  While several DevSecOps maturity models exist, Navin's started with seven important words that made all the difference.

Take 5 minutes to watch this lightning talk now to learn how and why he used the words, "Not considered viable for a DevSecOps platform":

At the end of this presentation, I offered the audience many links to my out of office address there. Because my out of office message is no longer on, I have copied all the links you will need here:

Navin Vembar’s DevSecOps Maturity Model from the U.S. General Services Administration

Here are four additional DevSecOps maturity models:

• https://www.slideshare.net/AmazonWebServices/leveraging-cloud-transformation-to-build-a-devops-culture-aws-public-sector-summit-2016

• https://www.slideshare.net/shannonlietz/isaca-ireland-keynote-2015

• https://www.slideshare.net/DevOpsWebinars/security-at-the-speed-of-software-development

I hope Navin's insights and seven key words can help you on your DevSecOps journey.