Under the high patronage of his majesty the King Mohammed VI
Devoxx Morocco 2022 🇲🇦 October 4-6, Taghazout Agadir, Morocco.
Follow Us On
Under the high patronage of his majesty the King Mohammed VI
Devoxx Morocco 2022 🇲🇦 October 4-6, Taghazout Agadir, Morocco.

Speaker details

Souhail Guennouni
INWI

Souhail has 14+ years of international experience in large scale IT solutions delivery and transformation across the US, Europe, Middle east and Africa. Souhail holds a PhD. in Artificial intelligence and specialized in legacy systems transformation, software engineering craftsmanship and distributed systems.

With the rise of the cloud and edge computing, security incidents and breaches have grown exponentially. Thus, cybersecurity has become a principal concern for many technology leaders.

In a typical DevOps approach, security is not involved till the final phases of software product releases. This practice shows its limitations and led to increased iterations, vulnerabilities and delays in the software products and hence impacts the cost and time to market.

DevSecOps promises the involvement and automation of security checks in every stage of a DevOps pipeline.

However, adopting a DevSecOps approach is not limited to tooling but to:

-      Create security awareness among all the squad members.

-      Introduce a “security first” culture in different phases of the development.

-      Promote the idea that security is the responsibility of all.

-      Introduce security champions into the different squads.

-      Integration of attack scenarii in each sprints’ backlog.

-      Limit the attack surface of the application.


This presentation will focus on how to transition from a typical DevOps pipeline into a DevSecOps one. We will also discuss the various benefits that can be achieved from this transformation.

Then we will shed some light on some of the open source tooling for DevSecOps and the cultural/organizational evolutions needed in order to get most of the benefit out of this approach.

More