Working Group
DevSecOps
This group defines best practices and provides guidance and playbooks to help teams implement security into their DevOps process.
View Current ProjectsSix Pillars of DevSecOps
Working Group Co-Chairs

Chris Kirschke
Cloud Portfolio Information Security Officer at Albertsons Companies
Security Leader with over 20+ years of experience across Financial Services, Streaming, Retail and IT Services with a heavy focus on Cloud, DevSecOps and Threat Modeling. Advises multiple security startups on Product Strategy, Alliances and Integrations. Sits on multiple Customer Advisory Boards helping to drive security product roadmaps, integrations and feature developments. Avid hockey player, backpacker and wine collector in his spare t...

Sam Sehgal
Sam is the program leader and a distinguished engineer in the security organization at Dell. Sam has extensive experience with the modern secure DevOps practices needed to govern product and application security programs. He currently leverages his skills at Dell and leads the DevSecOps program. In this role, he focuses on DevSecOps security and architecture, as well as Secure Development Lifecycle (SDL) automation.

Kapil Bareja
Global Technical Manager
Thought Leader with over 18+ years of experience in various disciplines of Information Security specializing in Cloud based security solutions, Identity and Access Management, Privacy and Data Protection. Kapil is serving as Chapter Chair for IAPP New Jersey local chapter and member for Chief Privacy officers council. He is also an Advisory board member for VigiTrust and Sovrin. He is advisor chair to Advanced Technology Academic R...
Publications in Review | Open Until |
---|---|
CCPA - CSA Code of Conduct Gap Resolution | Apr 10, 2023 |
Understanding Cloud Attack Vectors | Apr 28, 2023 |
CCMV4-Lite | May 15, 2023 |
Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline | Jun 01, 2023 |
Who can join?
Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.
What is the time commitment?
The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.
Virtual Meetings
Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.
Mar
29
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
Apr
4
Pillar 2 - Collaboration and Integration
This is a subgroup meeting for volunteers interested in contributing as a subject matter expert to the Pillar 2 whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Pillar 2, you can safely ignore this meeting.
Apr
5
Privacy Collaboration - Continued Discussions
Apr
5
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
Apr
6
Core Group - CSA DevSecOps
Apr
12
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
Apr
18
Pillar 2 - Collaboration and Integration
This is a subgroup meeting for volunteers interested in contributing as a subject matter expert to the Pillar 2 whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Pillar 2, you can safely ignore this meeting.
Apr
19
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
Apr
26
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
May
2
Pillar 2 - Collaboration and Integration
This is a subgroup meeting for volunteers interested in contributing as a subject matter expert to the Pillar 2 whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Pillar 2, you can safely ignore this meeting.
May
3
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
May
4
Core Group - CSA DevSecOps
May
10
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
May
16
Pillar 2 - Collaboration and Integration
This is a subgroup meeting for volunteers interested in contributing as a subject matter expert to the Pillar 2 whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Pillar 2, you can safely ignore this meeting.
May
17
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
May
24
Privacy By Design Subgroup
This call is a subgroup meeting for volunteers interested in contributing as subject matter experts to the Privacy By Design whitepaper. For the general working group meetings, please see "Core Group - CSA DevSecOps" on the public calendar: https://csaurl.org/devsecops-calendar
If you aren't interested in contributing to Privacy By Design, you can safely ignore this meeting.
- Meeting Invite:
https://cloudsecurityalliance.zoom.us/j/82830636850?pwd=SVF4b3BoMUpldDBUYkxwWTlIeVRhdz09 - Rolling Agenda:
Privacy By Design - Rolling Agenda & Meeting Minutes - Draft Documents:
Privacy by Design Draft Documents Folder
Open Peer Reviews
Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.