The CISO's Guide for Implementing DevSecOps in the Enterprise
Chapter Summary
Ard Westerik
CTO @ Royal HaskoningDHV
Tom Moekotte
ISO @ Royal HaskoningDHV
DevSecOps at Royal HaskoningDHV
This chapter contains the story of Ard Westerik (CTO) and Tom Moekotte (ISO) from Royal HaskoningDHV. When they joined the company, they were confronted with the question “how do we make security an integral part of development, and eliminate the notion of it being an add-on?” In this chapter, they will discuss the journey of Royal HaskoningDHV towards developing security capabilities in the software development lifecycle (SDLC).
The company has implemented risk assessment and internal auditing processes to identify threats and risks before they occur. These processes provide learning opportunities for the entire organization and allow the introduction or change of policies and practices to prevent future incidents. However, the company acknowledges that security measures should be implemented earlier in the development process. The company also aims to achieve more integrated and detailed reporting through real-time dashboards to measure progress and identify priorities for product owners.
Ard emphasizes the importance of identifying and sharing challenges to prioritize where to focus time, while Tom suggests focusing more on people rather than processes and tools. Tom believes that investing in bridging gaps and creating a stronger culture of security and interconnectedness among teams and communities is essential for success, and something they are working to improve.
BIO
Ard Westerik
Ard is the CTO for Royal HaskoningDHV’s Digital business line. Over the last 10 years of his professional career, he has been heavily involved in agility topics, starting out as General Manager at an IT incubator company supporting start-ups. This was followed by the role of IT Director for an education platform, where his focus was on releasing a new version to 1.2 million every three weeks while at the same time breaking down the monolith.
More recently, Ard fulfilled the role of Manager Software Development at NS where he became actively involved in Agile, LEAN, Continuous Delivery, and DevOps practices. This enabled him to further evolve into an Agile Leader instead of Manager. In his current role, he is continuing his journey to bridge IT and civil engineering.
Tom Moekotte
After completing two master’s degrees in the fields of Infrastructure Planning and Information Management, Tom started working at Royal HaskoningDHV in 2018. He fulfilled the roles of Geographical Information System (GIS) expert and quality assurer before taking on his current role: Information Security Officer for the Digital business line. This involves working closely with the corporate-level CISO and Ard, the department CTO. He is responsible for the planning and implementation of security policies, conducting asset classifications and risk assessments, and giving awareness sessions and training.
Tom believes that to stay on top of your risks, context and dialogue are key, and likes to focus on the human interaction and secure-by-design culture among colleagues. “You can have the best tools, processes, and techniques,” he says, “but humans remain our most valuable asset.”
Outside of work, Tom sings in various choirs as a tenor. These choirs have also given him the opportunity to go on plenty of international tours.
About the Book
As a leading provider of DevSecOps services, DevOn has seen firsthand how organizations can benefit from these transformations. But despite the widespread adoption of DevSecOps, there are still many misconceptions about what it is and what it can help you achieve. In this book, we address common concerns and misconceptions about DevSecOps, drawing on the insights of technology leaders from a variety of European organizations.
If you’re a modern-day leader looking to assess your organization’s performance or embark on a DevSecOps transformation, this book is a must-read. With the help of Irfaan Santoe, Rahul Sah, and Markus van Duijn, we’ve gathered the perspectives of 10 technology leaders from leading organizations to provide a comprehensive understanding of the current state and future of DevSecOps. Don’t miss out on the opportunity to gain valuable insights and learn from their organizations' performance.
Book Launch Event
About the Authors
Irfaan Santoe
Irfaan is a CISO, an Entrepreneur in InfoSec, and a Thought Leader in secure DevOps. He is on a mission to close the gap between the IT world of Development, Operations, and Security. Irfaan is the OWASP Chapter Leader in the Netherlands and actively contributes to open-sourcing security.
Rahul Sah
The Global CEO of DevOn, a technology consulting and software delivery organization, Rahul is passionate about helping organizations accelerate their journey toward high-performance enterprises.
Markus van Duijn
A DevOps enthusiast with 15 years of experience in agile, CI/CD, DevOps, security and leadership, Markus has seen firsthand how DevOps gets companies to a higher level by coaching, teaching, and experiencing DevOps principles
LEARN HOW THESE FRONTRUNNERS USE DEVSECOPS
DevSecOps Visions from
10 European Information Security Leaders
Gain Insights from Information Security Leaders. Click on photos to read Speaker Chapters.
Security Director @ Philips
CISO @ Van Lanschot Kempen
"Implementing DevSecOps in the Enterprise: A Guide for CISOs" BOOK
TAP INTO OUR EXPERTISE & RECEIVE YOUR COMPLIMENTARY COPY!
Find motivation and receive tailored advice in just 15 minutes!!
Explore Our Bestselling Book Collections
