In today’s time everyone will agree and we have enough data to prove that
1. Business demands software fast and frequent and secure
2. Technologies are growing at unprecedented rate
3. Organizations are operationally complex
4. Security is tough
5. Information security skill gap is real
6. Security budget is limited

We have several good content covering the importance of well-discussed trilogy - People, Process, Technology. In this talk I am going to do a deep dive into the cost aspect of a DevSecOps program and how we can optimize the limited resources to secure software faster and align with modern SDLC. The content of this talk will provide the guidelines with case-study to application security professionals to devise and adapt a DevSecOps program aligning to their organization business needs.

Presentation Outline
1. Challenges - First I will describe the challenges of making and keeping a software secure in the modern software development lifecycle.
2. Methodology - DevSecOps is the only way to ship softwares quickly while staying secure and compliant. I will present approaches, learnings and experiences of real-world DevSecOps programs I have been part of.
3. Cost Analysis - In this section, I will do a deep dive into the cost of each activity mentioned in the above section providing the OpEx and CapEx analysis from both tools and people perspective.
4. Role of Metrics - I will have a separate section for the role of metrics in a successful and scalable DevSecOps program and how they help to sell the program to leadership.
5. Optimization Tips & Techniques - Last, I will share tips and techniques both technical and non-technical to optimize the resources and reduce the cost to achieve more with less. I will present a case-study of automation, self-service security services, removal of false-positives with contextual analysis and open source solutions utilization.