ChaptersEventsBlog
Join us on September 3rd for The Evolution of Cloud Network Security webinar. Register now!

Working Group

DevSecOps

This group defines best practices and provides guidance and playbooks to help teams implement security into their DevOps process.
View Current Projects
Six Pillars of DevSecOps
Six Pillars of DevSecOps

Download

Working Group Overview

Our working group discusses the DevSecOps. We welcome anyone who would like to join, even if you would like to just listen-in on your first call.

What do we discuss? During these meetings we typically discuss changes in the industry that relate to DevOps, and collaborate on projects the group is currently working on.

This working group meets every other week. To find out more about participating email [email protected] or sign up here: https://csaurl.org/devsecops-signup

Drafts & Important Docs

Looking for additional information?

Scroll down below for the working group calendar, whitepaper drafts, and other information!

Working Group Co-Chairs

Roupe Sahans
Roupe Sahans

Roupe Sahans

DevSecOps Leader

Roupe leads DevSecOps delivery and thought leadership for technology and media clients embracing digital transformation.

Roupe started his DevOps journey in 2016, building containerised microservices on AWS for government platforms. He has since been working with engineers to c-suite executives to embed security and resilience into digital products, secure cloud services, and reduce cyber technical-debt.

Most recently Roupe ha...

Read more

Abdul Sattar Headshot Missing
Abdul Sattar

Abdul Sattar

Publications in ReviewOpen Until
AICM Auditing GuidelinesSep 03, 2025
A Practitioner’s Guide to Post-Quantum CryptographySep 17, 2025
Cloud Threat Modeling 2025Sep 19, 2025
Key Management in Cloud Services 2025 Update Sep 26, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

Sep

4

Thu, September 4, 8:30am - 9:00am PDT
CSA DevSecOps WG - MLOps Papers Working Session
See details
CSA DevSecOps Working Group


This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


We meet every other Thursday at 8:30am Pacific Time.


Writing will mostly be done asynchronously between meetings.

Useful links:

    Sep

    18

    Thu, September 18, 8:30am - 9:00am PDT
    CSA DevSecOps WG - MLOps Papers Working Session
    See details
    CSA DevSecOps Working Group


    This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


    We meet every other Thursday at 8:30am Pacific Time.


    Writing will mostly be done asynchronously between meetings.

    Useful links:

      Oct

      2

      Thu, October 2, 8:30am - 9:00am PDT
      CSA DevSecOps WG - MLOps Papers Working Session
      See details
      CSA DevSecOps Working Group


      This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


      We meet every other Thursday at 8:30am Pacific Time.


      Writing will mostly be done asynchronously between meetings.

      Useful links:

        Oct

        16

        Thu, October 16, 8:30am - 9:00am PDT
        CSA DevSecOps WG - MLOps Papers Working Session
        See details
        CSA DevSecOps Working Group


        This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


        We meet every other Thursday at 8:30am Pacific Time.


        Writing will mostly be done asynchronously between meetings.

        Useful links:

          Oct

          30

          Thu, October 30, 8:30am - 9:00am PDT
          CSA DevSecOps WG - MLOps Papers Working Session
          See details
          CSA DevSecOps Working Group


          This is a working session to sync on the current MLOps whitepapers the DevSecOps working group is currently writing.


          We meet every other Thursday at 8:30am Pacific Time.


          Writing will mostly be done asynchronously between meetings.

          Useful links:

            Open Peer Reviews

            Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

            Learn how to participate in a peer review here.

            AICM Auditing Guidelines

            Open Until: 09/03/2025

            Auditing steps for each of the 243 controls of the AI Controls Matrix for internal or external auditors that are going to e...

            A Practitioner’s Guide to Post-Quantum Cryptography

            Open Until: 09/17/2025

            As quantum computing advances, the threat it poses to classical cryptographic algorithms becomes increasingly urgent. This ...

            Cloud Threat Modeling 2025

            Open Until: 09/19/2025

            The purpose of this document is to enable and encourage effective threat modeling for cloud applications, services, and sec...

            Key Management in Cloud Services 2025 Update

            Open Until: 09/26/2025

            This document is an updated edition of the original “Key Management in Cloud Services” paper, first published in 2020. ...