Moving Mountains: Security & Compliance Guardrails in Pipelines
How can large organizations move the needle on compliance, audit, and security standards in CICD pipelines when you have over 20,000 source-code projects? How can these standards be made highly visible, so developers are aware of them earlier in the software delivery process and can ensure code and pipelines are compliant? How can you drive organizational alignment on compliance standards that will impact every engineering team within the organization? How does an organization's culture adapt to this new way of integrating compliance standards within the software development lifecycle?
Over the past year, Northwestern Mutual has been tackling these problems head-on. We identified existing compliance gaps in our pipelines by deep-diving into data and visualizing the results. We pushed to gain organizational alignment, bringing together leaders across many verticals to take action. We acknowledged the reality that, in certain scenarios, engineering teams would need short-term exceptions to certain compliance requirements, and we created a custom solution to address that need. Finally, we visualized all compliance and exception data in Grafana for clear transparency of organizational progress.
Join this session to hear about how Northwestern Mutual dramatically changed the way we're working to automatically integrate compliance requirements into every single CICD pipeline in Technology.
Bobbi Wenzler
Lead Technical Product Manager, Northwestern Mutual
Nicole Schultz
Assistant Director - CICD Engineering, Northwestern Mutual