Johnstown, PA July 25, 2018

Lucas Truax, Frank Cameron, and I presented at BSides Pittsburgh on June 22nd. BsidesPgh is a volunteer-run information security conference that has grown to an annual attendance of over 200 cybersecurity professionals from across the state of PA, WV, and Ohio. The Security BSides organization is a global series of community-driven conferences presenting a wide range of information security topics. Our presentation was titled "RMF in a DevOps World! aka "He’s dead Jim!”

Our presentation was focused on the integration and use of the Risk Management Framework (RMF) with a relatively new concept referred to as DevOps.  The term DevOps is a portmanteau of the words development and operations and has come to represent the goal of increasing automation throughout the software design life cycle. The goal of rapid deployment may seem to run counter to the goal of security and the ability to ‘bake’ security in from the beginning. The integration of cybersecurity is essential to the constantly changing threats posed to software applications and information systems.

In order to address the shifting landscape and help keep information systems in a continual state of protection, the federal government introduced the Risk Management Framework (RMF) several years back. RMF is a six-step process focused on better-securing networks and information systems by introducing the concepts of continuous system security via constant monitoring, assessing, and testing of controls.