CyLab seminar: Noopur Davis

Please note that CyLab seminars are closed to the public and open to CyLab partners and Carnegie Mellon University faculty, students and staff.

Speaker: Noopur Davis, Executive Vice President, Chief Information Security and Product Privacy Officer, Comcast Corporation and Comcast Cable

Title: Comcast's Secure Development Lifecycle (SDL)–Building In Stronger Cybersecurity

At Comcast, one of our core cybersecurity principles is that it is best to build security into our products and services.  We have been on a multi-year journey to build security into our products from the beginning, instead of “bolting it on” at the end. In years past, product developers might build a new product or feature and then have the security engineers assess and review the product for potential problems. Today, we embed our security engineering efforts within the teams and at all levels of the company. This ensures that security is intrinsic to all product development activities. Our approach is also often called a Shift-Left or a DevSecOps approach. This includes secure architecture, designing, coding, testing, building, deploying, and operation.

To this end, we have developed the Comcast Secure Development Lifecycle (SDL) and a corresponding culture change management framework.  Our change management framework consists of five pillars of community, artisanship, practices, governance, and quantification. Currently, twelve engineering and operations practices are included in our Agile SDL, embedded in our CI/CD pipelines wherever appropriate. A team of coaches guide the work of the development teams.

In this seminar, we will share our SDL, lessons learned along our journey, results, and what’s next.

Noopur Davis is Executive Vice President, Chief Information Security and Product Privacy Officer, Comcast Corporation and Comcast Cable. In this role, she is responsible for overseeing the full range of cybersecurity functions for all Comcast Cable businesses, including all products and services delivered to our residential and business customers. Her responsibilities include product security and privacy, information and infrastructure security, data protection, security architecture and engineering, security operations and incident response, threat hunting, security intelligence and analytics, identity management, technical fraud, and the Legal Response Center.

Noopur joined Comcast from Intel, where she served as vice president of global quality for the Intel Security Group. Previously, she was a visiting scientist and senior member of technical staff at the Carnegie Mellon University Software Engineering Institute, a principal of management consulting firm Davis Systems, and held various leadership and technical positions in Fortune 500 companies such as Chrysler and Intergraph.

She is a champion of women in technology and serves on the advisory board of Comcast/NBCUniversal TechWomen. She is the recipient of the WICT/SCTE•ISBE/Cablefax Women in Technology and WeQual 2021 awards, and has been included on the Cablefax 100, Cablefax Diversity, Cablefax Most Powerful Women, and Top Women in Technology lists
multiple times.

Noopur holds a M.S. in computer science from the University of Alabama and a bachelor of electrical engineering from Auburn University. She is a member of the Institute of Electrical and Electronics Engineers (IEEE), the Association of Computing Machinery (ACM), and the Women in Cable Telecommunications (WICT).