Tim-adjusted-ppt-1-1.pptx

•Download as PPTX, PDF•

0 likes•4 views

RazaMehmood7

DevOPS Time Adjusted

Technology

Shift
Security
Everywhere
DevSecOps SKILup Day
17-September, 2020
Tim Johnson

2
Controversial Statement
DevSecOps doesn’t exist - or shouldn’t

3
The “traditional” view of Security
DEV TES
T
PRE PROD
SEC

4
The “Shift Left” view of Security
DEV TEST PRE PROD
SEC

7
The “Shift Security Left” Fallacy
What
about
this side?

9
Delivery Exposures
Wrong Thing Released

10
Delivery Exposures
Wrong Thing Released
Unknown Changes

11
Delivery Exposures
Wrong Thing Released
Unknown Changes
Manual Steps

12
Delivery Exposures
Wrong Thing Released
Deployment Failure
Unknown Changes
Manual Steps

14
The DORA Metrics
MTTD MTTR
We found a problem! We fixed the problem!

15
The Scary Part
MTTD MTTR
We found a problem! We fixed the problem!
EXPOSURE

16
The New Metric - MTTMitigate
MTTD MTTR
We found a problem!
We fixed the problem!
MTTM
We turned it off
- or -
Rolled it back

17
The Updated DORA Metrics
MTTD = MTTM
MTTR
We found a problem!
And
We instantly;
Turned it off
- or -
Rolled it back
We fixed the problem!

20
A: Everywhere!
Development
Delivery
Production

21
Secure in Development
Development
The right people are making the right changes
The right sets of tests were performed
The code passed our thresholds

22
Secure in Delivery
Development
Delivery
The right people are making the right changes
The right sets of tests were performed
The code passed our thresholds
Immutable pipeline & components
Changes detected, analyzed, approved
Automated everything - no manual steps
Automatic rollback on failure

23
Secure in Production
Development
Delivery
Production
The right people are making the right changes
The right sets of tests were performed
The code passed our thresholds
Immutable pipeline & components
Changes detected, analyzed, approved
Automated everything - no manual steps
Automatic rollback on failure
Bill of materials
Instant mitigation without redeployment
Graceful recovery and rollbacks
Integrated and automated

24
Want to know more?
www.cloudbees.com/solutions/devs
ecops

Similar to Tim-adjusted-ppt-1-1.pptx

Speed with confidence

DevSecOps

Sattose 2020 presentation

Céline Deknop

Stress-free Continuous Delivery Using Sensible Information Radiators

Vivek Ganesan

mri-bp2015

Keith Swenson

Forget the “Unicorns.” There is a lot to learn from “DevOps Unicorns” such as Etsy or Facebook, but for enterprises dealing with technical debt in legacy systems developed by teams no longer with the company, copying the unicorns is not an option. Richard Dominguez, Operations Developer at Prep Sportswear, needed to “keep the lights on” for their legacy systems, while enabling his DevOps teams to launch new features much faster. Today Prep Sportswear releases more updates to their legacy systems than ever before by reducing MTTR (Mean Time To Repair), giving them more time to innovate on DevOps and Continuous Delivery on their new platform. You’ll learn: • Top metrics for an Ops dashboard to catch potential issues early • Tips to manage technical debt in legacy code caused by dev teams long gone • Efficient ways to close loops while providing input to DevOps so they can optimize innovation and releases

How to Better Manage Technical Debt While Innovating on DevOps

Dynatrace

These are the slides of my JavaOne presentation. The abstract goes like this: How do companies developing business-critical Java enterprise Web applications increase releases from 40 to 300 per year and still remain confident about a spike of 1,800 percent in traffic during key events such as Super Bowl Sunday or Cyber Monday? It takes a fundamental change in culture. Although DevOps is often seen as a mechanism for taming the chaos, adopting an agile methodology across all teams is only the first step. This session explores best practices for continuous delivery with higher quality for improving collaboration between teams by consolidating tools and for reducing overhead to fix issues. It shows how to build a performance-focused culture with tools such as Hudson, Jenkins, Chef, Puppet, Selenium, and Compuware APM/dynaTrace

JavaOne - Performance Focused DevOps to Improve Cont Delivery

Andreas Grabner

Testing, Learning and Professionalism — 20171214

David Rodenas

StarWest 2013 Performance is not an afterthought – make it a part of your Agi...

Andreas Grabner

Damon Edwards, co-founder of Rundeck, presentation at Nike internal DevOps Day in Beaverton, OR on June 18, 2018. This talk looks at the forces that fundamentally undermine operations work and what needs to be addressed if enterprises are going to get the most out of their digital transformation and DevOps initiatives. See a Demo of Rundeck Enterprise : https://www.rundeck.com/see-demo --or-- Download Rundeck Open Source here: https://rundeck.com/open-source Connect: Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck Github: https://github.com/rundeck/rundeck/issues Twitter: https://twitter.com/Rundeck Facebook: https://www.facebook.com/RundeckInc/ LinkedIn: www.linkedin.com › company › rundeck-inc

Modern Operations: Solving DevOps’ Last Mile Problem

Rundeck

Devops is a Security Requirement

Kris Buytaert

A Big Dashboard of Problems.pdf

TravisMcPeak1

Deepfence.pdf

Vishwas N

Continuous Delivery and Automated Operations on k8s with keptn

Andreas Grabner

Normal accidents and outpatient surgeries

Jonathan Creasy

Even test-driven development or an automated Jenkins pipeline doesn’t guarantee issue-free production operations. Nothing is immune to spike in traffic or unforeseen infrastructure issues. To increase resilience, we see a trend in applying a shift-left approach to the SRE (Site Reliability Engineering) discipline. SREs are contributing their “auto remediation as code” assets to the code repositories which get automatically built and tested in CI/CD and enable automated problem remediation in production. In this session we showcase Shift-Left SRE by leveraging Ansible on OpenShift to automate remediation of production issues based on full stack monitoring data.

Shift-left SRE: Self-healing on OpenShift with Ansible

Jürgen Etzlstorfer

Presentation by Damon Edwards, co-founder of Rundeck at USENIX LISA in San Francisco, CA on November 3, 2017 See a Demo of Rundeck Enterprise : https://www.rundeck.com/see-demo --or-- Download Rundeck Open Source here: https://rundeck.com/open-source Connect: Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck Github: https://github.com/rundeck/rundeck/issues Twitter: https://twitter.com/Rundeck Facebook: https://www.facebook.com/RundeckInc/ LinkedIn: www.linkedin.com › company › rundeck-inc

Failure Happens: Improving Incident Response In Enterprises

Rundeck

A Machine Learning approach to predict Software Defects

Chetan Hireholi

Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security

EnergySec

Five Flute is an issues management app that helps engineers develop better products with less effort. You can think of it like Github issues for hardware teams. We help teams of mechanical and electrical engineers reduce the coordination and communication effort during development by giving them one place for tracking and managing design and development issues, and then keeping these issues connected to the parts, assemblies and physical hardware they impact. Teams that use Five Flute keep move faster with fewer mistakes and keep everyone on the same page regarding engineering decisions. Use it for requirements management, design reviews, test planning, bug tracking, and as a hardware specific to-do list. It's super flexible.

Five Flute Overview

William Burke

Presentation by Damon Edwards, co-founder of Rundeck, at Interop ITX 2019 Las Vegas Ticket-driven request queues have become the default way of working in operations for a long time and are the cornerstone of most operations management and ITSM strategies. But what if ticket queues are actually the source of much of the dysfunction, bottlenecks, and capacity issues that have traditionally plagued our organizations? This session will examine the dark side of ticket queues, including hidden costs and how they undermine DevOps and SRE transformations. Then we’ll explore alternative strategies high-performing operations organizations use to minimize dependence on tickets queues.

Tickets Make Operations Work Unnecessarily Miserable

Rundeck

Similar to Tim-adjusted-ppt-1-1.pptx (20)

Speed with confidence

Sattose 2020 presentation

Stress-free Continuous Delivery Using Sensible Information Radiators

mri-bp2015

How to Better Manage Technical Debt While Innovating on DevOps

JavaOne - Performance Focused DevOps to Improve Cont Delivery

Testing, Learning and Professionalism — 20171214

StarWest 2013 Performance is not an afterthought – make it a part of your Agi...

Modern Operations: Solving DevOps’ Last Mile Problem

Devops is a Security Requirement

A Big Dashboard of Problems.pdf

Deepfence.pdf

Continuous Delivery and Automated Operations on k8s with keptn

Normal accidents and outpatient surgeries

Shift-left SRE: Self-healing on OpenShift with Ansible

Failure Happens: Improving Incident Response In Enterprises

A Machine Learning approach to predict Software Defects

Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security

Five Flute Overview

Tickets Make Operations Work Unnecessarily Miserable

Recently uploaded

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Architecting Cloud Native Applications

WSO2

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

ICT role in 21st century education and its challenges

rafiqahmad00786416

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Architecting Cloud Native Applications

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Artificial Intelligence Chap.5 : Uncertainty

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

How to Troubleshoot Apps for the Modern Connected Worker

Six Myths about Ontologies: The Basics of Formal Ontology

Elevate Developer Efficiency & build GenAI Application with Amazon Q

ICT role in 21st century education and its challenges

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Vector Search -An Introduction in Oracle Database 23ai.pptx

Tim-adjusted-ppt-1-1.pptx

1. Shift Security Everywhere DevSecOps SKILup Day 17-September, 2020 Tim Johnson

2. 2 Controversial Statement DevSecOps doesn’t exist - or shouldn’t

3. 3 The “traditional” view of Security DEV TES T PRE PROD SEC

4. 4 The “Shift Left” view of Security DEV TEST PRE PROD SEC

5. 5 The Continuous DevOps process

6. 6 The “Shift Security Left” Fallacy

7. 7 The “Shift Security Left” Fallacy What about this side?

8. Delivery Security

9. 9 Delivery Exposures Wrong Thing Released

10. 10 Delivery Exposures Wrong Thing Released Unknown Changes

11. 11 Delivery Exposures Wrong Thing Released Unknown Changes Manual Steps

12. 12 Delivery Exposures Wrong Thing Released Deployment Failure Unknown Changes Manual Steps

13. Production Security

14. 14 The DORA Metrics MTTD MTTR We found a problem! We fixed the problem!

15. 15 The Scary Part MTTD MTTR We found a problem! We fixed the problem! EXPOSURE

16. 16 The New Metric - MTTMitigate MTTD MTTR We found a problem! We fixed the problem! MTTM We turned it off - or - Rolled it back

17. 17 The Updated DORA Metrics MTTD = MTTM MTTR We found a problem! And We instantly; Turned it off - or - Rolled it back We fixed the problem!

18. Shifting Security Everywhere

19. 19 Q: Where does DevSecOps fit?

20. 20 A: Everywhere! Development Delivery Production

21. 21 Secure in Development Development The right people are making the right changes The right sets of tests were performed The code passed our thresholds

22. 22 Secure in Delivery Development Delivery The right people are making the right changes The right sets of tests were performed The code passed our thresholds Immutable pipeline & components Changes detected, analyzed, approved Automated everything - no manual steps Automatic rollback on failure

23. 23 Secure in Production Development Delivery Production The right people are making the right changes The right sets of tests were performed The code passed our thresholds Immutable pipeline & components Changes detected, analyzed, approved Automated everything - no manual steps Automatic rollback on failure Bill of materials Instant mitigation without redeployment Graceful recovery and rollbacks Integrated and automated

24. 24 Want to know more? www.cloudbees.com/solutions/devs ecops

25. Thank You

Tim-adjusted-ppt-1-1.pptx

Recommended

Recommended

More Related Content

Similar to Tim-adjusted-ppt-1-1.pptx

Similar to Tim-adjusted-ppt-1-1.pptx (20)

Recently uploaded

Recently uploaded (20)

Tim-adjusted-ppt-1-1.pptx