2025-10-09 –, Belvedere II/ Community, Contribution & the Future
When encryption is everyone's job, it is no one's responsibility.
Who's in charge of encryption in DevOps? It is a simple question, but a challenging one to answer in practice. The tools are there, but a lack of understanding of the 'why' largely contributes to this challenge. This presentation aims to bring a level of clarity that helps garner corporate buy-in. FedRAMP can be leveraged as a transformative tool in getting this accomplished.
Developers focus on delivering features and functions. Only in the last 10 years has security become part of the DevOps discussion. SAST and DAST test for security holes in code, but the implementation of encryption for data at rest and in transit is not considered a security hole. So who is responsible?
This presentation shows the challenges and proposes that FedRAMP can be leveraged as a forcing function to overcome them.
Bernie Leung is a Distinguished Architect. He has over 20 years of experience in cybersecurity. In the last 10 years, he has led the building and operating of multiple FedRAMP / FISMA systems. His hands-on experience in running these systems from inception to operation is invaluable in bringing practical security conversations to corporate business leaders.