• 5:00 PM - Check in and hang out
• 5:05 PM - Lean Coffee Chat/Presentation
• 5:25 PM - Lean Coffee Chat/Q+A
• 5:55 PM - Wrap up, Next month
• 6:00 PM - Adios!
TACO is an acronym Peter uses with clients to help them map controls from their software delivery pipelines to the organizational controls.
TACO stands for Traceability, Access, Compliance, and Operations.
The approach consists of a base list of 25 automatable controls, each documented with its control activity, artifacts and SOR identified. After mapping how these controls are handled, we map them to the organizational controls and identify any gaps.
This model allows for the creation of opinionated pipelines and helps create a common understanding across teams as to what is required in order to be secure.
Taking a TACO approach can be considered part of implementing a DevSecOps program, and he’s used this approach at multiple banks.
During the talk, he’ll run through the different categories of controls, how they are implemented, what their purpose is, how to create robust feedback loops for controls such as SAST, and how to handle long-running processes such as DAST.
Speaker: Peter Maddison
Peter Maddison is in the business of helping organizations introduce new ways of working. He is highly experienced in accelerating delivery practices and is equally comfortable talking about business strategy as he is talking about IT.
If you'd like to be a speaker: https://bit.ly/speakatdevopsto
If you'd like to sponsor a meetup: steveelsewhere [ at ] gmail.com