ChaptersEventsBlog
We're exploring how organizations adapt IAM to AI. Take the AI Identity and Risk Readiness Survey by September 5 →

Working Group

DevSecOps

This group defines best practices and provides guidance and playbooks to help teams implement security into their DevOps process.
View Current Projects
Six Pillars of DevSecOps
Six Pillars of DevSecOps

Download

Working Group Overview

Our working group discusses the DevSecOps. We welcome anyone who would like to join, even if you would like to just listen-in on your first call.

What do we discuss? During these meetings we typically discuss changes in the industry that relate to DevOps, and collaborate on projects the group is currently working on.

This working group meets every other week. To find out more about participating email support@cloudsecurityalliance.org or sign up here: https://csaurl.org/devsecops-signup

Drafts & Important Docs

Looking for additional information?

Scroll down below for the working group calendar, whitepaper drafts, and other information!

Working Group Co-Chairs

Roupe Sahans
Roupe Sahans

Roupe Sahans

DevSecOps Leader

Roupe leads DevSecOps delivery and thought leadership for technology and media clients embracing digital transformation.

Roupe started his DevOps journey in 2016, building containerised microservices on AWS for government platforms. He has since been working with engineers to c-suite executives to embed security and resilience into digital products, secure cloud services, and reduce cyber technical-debt.

Most recently Roupe ha...

Read more

Abdul Sattar Headshot Missing
Abdul Sattar

Abdul Sattar

Publications in ReviewOpen Until
Data Security within AI EnvironmentsAug 29, 2025
AICM Auditing GuidelinesSep 03, 2025
A Practitioner’s Guide to Post-Quantum CryptographySep 17, 2025
Cloud Threat Modeling 2025Sep 19, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

Sep

4

Thu, September 4, 8:30am - 9:00am PDT
CSA DevSecOps WG - MLOps Papers Working Session
See details
CSA DevSecOps Working Group


This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


We meet every other Thursday at 8:30am Pacific Time.


Writing will mostly be done asynchronously between meetings.

Useful links:

    Sep

    18

    Thu, September 18, 8:30am - 9:00am PDT
    CSA DevSecOps WG - MLOps Papers Working Session
    See details
    CSA DevSecOps Working Group


    This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


    We meet every other Thursday at 8:30am Pacific Time.


    Writing will mostly be done asynchronously between meetings.

    Useful links:

      Oct

      2

      Thu, October 2, 8:30am - 9:00am PDT
      CSA DevSecOps WG - MLOps Papers Working Session
      See details
      CSA DevSecOps Working Group


      This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


      We meet every other Thursday at 8:30am Pacific Time.


      Writing will mostly be done asynchronously between meetings.

      Useful links:

        Oct

        16

        Thu, October 16, 8:30am - 9:00am PDT
        CSA DevSecOps WG - MLOps Papers Working Session
        See details
        CSA DevSecOps Working Group


        This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


        We meet every other Thursday at 8:30am Pacific Time.


        Writing will mostly be done asynchronously between meetings.

        Useful links:

          Open Peer Reviews

          Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

          Learn how to participate in a peer review here.

          Data Security within AI Environments

          Open Until: 08/29/2025

           AI’s demand for large and diverse datasets introduces significant cybersecurity risks across the entire data lifecycl...

          AICM Auditing Guidelines

          Open Until: 09/03/2025

          Auditing steps for each of the 243 controls of the AI Controls Matrix for internal or external auditors that are going to e...

          A Practitioner’s Guide to Post-Quantum Cryptography

          Open Until: 09/17/2025

          As quantum computing advances, the threat it poses to classical cryptographic algorithms becomes increasingly urgent. This ...

          Cloud Threat Modeling 2025

          Open Until: 09/19/2025

          The purpose of this document is to enable and encourage effective threat modeling for cloud applications, services, and sec...