Entry Details
About the Entry
Category:
All Content > Case History > New England
Title of entry:
Case study: Scaling DevSecOps at Comcast
Issue or Publication date:
May 10, 2022
Publication name:
SearchSecurity
Publishing/parent company:
TechTarget
View Website home page:
https://www.techtarget.com/searchsecurity/
About the Publication:
https://www.techtarget.com/searchsecurity/about
Description of the enterprising work that went into this entry and its significance or impact on readers:
For too long, cybersecurity has been an afterthought in software development, leading to hackable code and leaving the door open to catastrophic data breaches. DevSecOps is a philosophy that aims to change that flawed approach by weaving security into the development process from the inside out -- building it in, rather than bolting it onto already-finished software.
DevSecOps, however, is much easier said than done, as it requires radically changing longstanding habits and workflows. For this case study, we took a deep dive into an experimental DevSecOps pilot program at Comcast that ended up changing the way the telecommunications giant does business. We spoke to DevSecOps transformation architect Larry Maccherone about how his team of just 16 used both technology and soft skills to help Comcast developers build safer code -- resulting in 85% fewer security incidents.
One of the biggest DevSecOps challenges is scalability. Revamping the people, processes and tools within a single group of developers is one thing -- achieving consistent transformation across hundreds of disparate teams is another. So, we also outlined Maccherone's innovative coaching model, which allowed the pilot to grow to support about 300 Comcast development teams within just five years. At that point, the organization shut down its traditional application security program to pivot entirely to DevSecOps -- a move that also helped address ongoing cybersecurity staff shortages.
The story breaks down the coaching model logistics in detail to illustrate how other organizations can replicate Comcast's success with limited staff.
Links to entry URLs
Entry URL(s), if applicable:
https://www.techtarget.com/searchsecurity/feature/Case-study-Scaling-DevSecOps-at-Comcast
Winner Status
- Regional Silver Award