SlideShare a Scribd company logo

A Secure DevOps Journey

Sonatype
Sonatype

Presenter - Peter Chestna, Veracode If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and fromwaterfall to DevOps. We have learned a lot along the way and I’m eager to share the story. As you consider the shift from waterfall to agile, or agile to continuous deployment and eventually DevOps, there is more to think about than just architecture. Peter Chestna, the Director of Developer Engagement at Veracode, led Veracode’s own transition from Waterfall to DevOps and in turn has helped hundreds of customers do the same. Join us as Peter shares his own case study, how Veracode reengineered its own architecture but more importantly the overall process including team structure, the technologies to build a robust pipeline, security considerations and the cultural shifts required.

1 of 30
Download to read offline
November 15, 2016 A Secure DevOps Journey Peter Chestna, Director of Developer Engagement, Veracode
November 15, 2016
• Development methodologies used at Veracode – Waterfall, Agile, DevOps – People – Process – Technology – Security • Veracode’s journey – What did we change – What were the results Goals
• 2006 – Veracode founded/Waterfall • 2012 – Agile • 2013 – Purina • 2014 – Microservices • 2015 - DevOps Veracode Timeline
Felt like… Transformation – People/Org/Culture Management • Leading change • Organizational • Breaking the silos • New specialties • New skills – care & feeding • New expectations Individual • Uncertainty/fear/anger • Organizational • New manager • New team/peers • New skills – X-functional • New expectations
Looked like… Transformation - Process Most of the change occurred in Agile • Waterfall -> Agile was revolutionary • Agile -> DevOps was evolutionary • Like the Monty Python theory of dinosaurs
Waterfall Transformation - Technology Agile DevOps Not as big of a difference between stages Just more and more automation
There was Waterfall In the beginning…
Waterfall - Process Finding anything late creates a cycle of waste
O p e r a t i o n s S e c u r i t y Q u a l i t y D e v e l o p m e n t A r c h i t e c t u r e R e q u i r e m e n t s Waterfall - People
• Gantt charts • Text documents • Requirements • Architecture • Designs • Test plans • Manual tests • Manual deploy • Shell scripts • SQL cripts Waterfall - Technology Old School
Waterfall - Security Occurred during testing cycle Back end of process Mostly manual Unpredictable amount of work
Coming of Age: Agile
Agile - Process Copyright 2005, Mountain Goat Software
Agile - People Dev/QA ITDept OPS Org Security
Agile – Technology Initially
Agile – Security – Early Days 3 Build 4 Static Analysis Hardening Sprint 5 Security Results Security Results 2 Check in 1 Develop Agile Backlog
1 Develop 6 Static Analysis 7 Synchronize 4 Check in Static Analysis 3 Build & Test 2 Agile Backlog Agile – Security – Automated and Integrated 5 Build Nightly
Agile – Security is not limited to automation of static analysis! Security Champions Security Grooming (Requirements Review) Security as part of the Definition of Done Threat Modeling Secure Code Review Pen Testing Pre-Productions Dynamic Analysis
Agile - Culture clash between Dev, OPS and Security
We Have Arrived: DevOps
DevOps - Process
DevOps - People Break the Silos Reorganize Change the Culture
DevOps - Technology Automate! Automate! Automate! Feature switching for controlled rollout Rolling upgrades Zero downtime Make incremental changes
DevOps - Security
1 Develop 4 Check in Static Analysis 3 Build & Test 2 Backlog DevOps – Security – Integrated into CD Pipeline Pass? 7 Synchronize No Yes 7 Deploy to Stage 6 Static Analysis 6 Unit Tests 8 Dynamic Analysis 8 Regression Testing Pass? Yes Prod Per Check-in 5 Build CD Pipeline
Training (eLearning, instructor led, metadata driven) Static Application Security Testing + 3rd Party Risk Analysis Remediation and Mitigation Guidance Secure Code Reviews Manual Penetration Testing Red Team Activities Runtime Application Self Protection Dynamic Application Security Testing Plan Code Build Test Stage Deploy Monitor Threat Modeling Security Grooming Secure Design DevOps – Pervasive Security
This Is Our Journey • Revolution at the micro level • Evolution at the macro level Innovation • Always constructively dissatisfied • Hypothesize, prototype, measure • Sharpen the saw Continuous Improvement
November 15, 2016
Thank You w w w . v e r a c o d e . c o m @PeteChestna

Recommended

SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer Maor
DevSecCon
 
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareDevSecOps - Building Rugged Software
DevSecOps - Building Rugged Software
SeniorStoryteller
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
DevOps & Security: Here & Now
DevOps & Security: Here & NowDevOps & Security: Here & Now
DevOps & Security: Here & Now
Checkmarx
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
Stijn Muylle
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
Continuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConContinuous Security Testing - DevSecCon
Continuous Security Testing - DevSecCon
Stephen de Vries
 

Recommended

SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer Maor
DevSecCon
 
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareDevSecOps - Building Rugged Software
DevSecOps - Building Rugged Software
SeniorStoryteller
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
DevOps & Security: Here & Now
DevOps & Security: Here & NowDevOps & Security: Here & Now
DevOps & Security: Here & Now
Checkmarx
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
Stijn Muylle
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
Continuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConContinuous Security Testing - DevSecCon
Continuous Security Testing - DevSecCon
Stephen de Vries
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Cheah Eng Soon
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
DevSecOpsSg
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
Stephen de Vries
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
Merging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec PerspectiveMerging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec Perspective
Abhay Bhargav
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon
 
DevSecOps OWASP
DevSecOps OWASPDevSecOps OWASP
DevSecOps OWASP
Priyanka Raghavan
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery World
Dinis Cruz
 
SecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot ArmySecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot Army
conjur_inc
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps
Felicia Haggarty
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
Qualitest
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized Applications
Soluto
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
Hui (Henry) Chen
 
Building a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot ApplicationBuilding a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot Application
VMware Tanzu
 
Owasp glue
Owasp glueOwasp glue
Owasp glue
Soluto
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Veracode
 
The Unlikely Couple, DevOps and Security. Can it work?
The Unlikely Couple, DevOps and Security. Can it work?The Unlikely Couple, DevOps and Security. Can it work?
The Unlikely Couple, DevOps and Security. Can it work?
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 

More Related Content

What's hot

The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Cheah Eng Soon
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
DevSecOpsSg
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
Stephen de Vries
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
Merging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec PerspectiveMerging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec Perspective
Abhay Bhargav
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon
 
DevSecOps OWASP
DevSecOps OWASPDevSecOps OWASP
DevSecOps OWASP
Priyanka Raghavan
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery World
Dinis Cruz
 
SecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot ArmySecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot Army
conjur_inc
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps
Felicia Haggarty
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
Qualitest
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized Applications
Soluto
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
Hui (Henry) Chen
 
Building a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot ApplicationBuilding a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot Application
VMware Tanzu
 
Owasp glue
Owasp glueOwasp glue
Owasp glue
Soluto
 

What's hot (20)

The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
 
Merging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec PerspectiveMerging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec Perspective
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...
 
DevSecOps OWASP
DevSecOps OWASPDevSecOps OWASP
DevSecOps OWASP
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery World
 
SecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot ArmySecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot Army
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized Applications
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
 
Building a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot ApplicationBuilding a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot Application
 
Owasp glue
Owasp glueOwasp glue
Owasp glue
 

Similar to A Secure DevOps Journey

A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Veracode
 
The Unlikely Couple, DevOps and Security. Can it work?
The Unlikely Couple, DevOps and Security. Can it work?The Unlikely Couple, DevOps and Security. Can it work?
The Unlikely Couple, DevOps and Security. Can it work?
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
DevOps Swim Lanes - Silo Org Change Challenges
DevOps Swim Lanes - Silo Org Change ChallengesDevOps Swim Lanes - Silo Org Change Challenges
DevOps Swim Lanes - Silo Org Change Challenges
Paul Peissner
 
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are SecureSecurity & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Puppet
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
Hawkman Academy
 
The Road to DevOps V3
The Road to DevOps V3The Road to DevOps V3
The Road to DevOps V3
Ahmed Misbah
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
Stefan Streichsbier
 
Continuous Delivery Distilled
Continuous Delivery DistilledContinuous Delivery Distilled
Continuous Delivery Distilled
Matt Callanan
 
Lap around ALM with Visual Studio and TFS 2013
Lap around ALM with Visual Studio and TFS 2013Lap around ALM with Visual Studio and TFS 2013
Lap around ALM with Visual Studio and TFS 2013
Paul Hacker
 
Xebia Masterclass Better-Faster-Smarter-with-DevOps
Xebia Masterclass Better-Faster-Smarter-with-DevOpsXebia Masterclass Better-Faster-Smarter-with-DevOps
Xebia Masterclass Better-Faster-Smarter-with-DevOps
Andja Bratić
 
State of Agile 2017
State of Agile 2017State of Agile 2017
State of Agile 2017
Tze Chin Tang
 
Agile, DevOps & Test
Agile, DevOps & TestAgile, DevOps & Test
Agile, DevOps & Test
Qualitest
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
Shannon Lietz
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
Shannon Lietz
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
Shannon Lietz
 
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Inspectie van het Onderwijs
 
What Does DevOps Culture Feel Like?
What Does DevOps Culture Feel Like?What Does DevOps Culture Feel Like?
What Does DevOps Culture Feel Like?
Matthew Skelton
 
DevOps: Hype or Hope
DevOps: Hype or HopeDevOps: Hype or Hope
DevOps: Hype or Hope
Tathagat Varma
 
DevOps Culture as a tool
DevOps Culture as a toolDevOps Culture as a tool
DevOps Culture as a tool
Dick Noort
 
DevOps for CTOs
DevOps for CTOsDevOps for CTOs
DevOps for CTOs
Burke Autrey
 

Similar to A Secure DevOps Journey (20)

A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
The Unlikely Couple, DevOps and Security. Can it work?
The Unlikely Couple, DevOps and Security. Can it work?The Unlikely Couple, DevOps and Security. Can it work?
The Unlikely Couple, DevOps and Security. Can it work?
 
DevOps Swim Lanes - Silo Org Change Challenges
DevOps Swim Lanes - Silo Org Change ChallengesDevOps Swim Lanes - Silo Org Change Challenges
DevOps Swim Lanes - Silo Org Change Challenges
 
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are SecureSecurity & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
The Road to DevOps V3
The Road to DevOps V3The Road to DevOps V3
The Road to DevOps V3
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
Continuous Delivery Distilled
Continuous Delivery DistilledContinuous Delivery Distilled
Continuous Delivery Distilled
 
Lap around ALM with Visual Studio and TFS 2013
Lap around ALM with Visual Studio and TFS 2013Lap around ALM with Visual Studio and TFS 2013
Lap around ALM with Visual Studio and TFS 2013
 
Xebia Masterclass Better-Faster-Smarter-with-DevOps
Xebia Masterclass Better-Faster-Smarter-with-DevOpsXebia Masterclass Better-Faster-Smarter-with-DevOps
Xebia Masterclass Better-Faster-Smarter-with-DevOps
 
State of Agile 2017
State of Agile 2017State of Agile 2017
State of Agile 2017
 
Agile, DevOps & Test
Agile, DevOps & TestAgile, DevOps & Test
Agile, DevOps & Test
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
 
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
 
What Does DevOps Culture Feel Like?
What Does DevOps Culture Feel Like?What Does DevOps Culture Feel Like?
What Does DevOps Culture Feel Like?
 
DevOps: Hype or Hope
DevOps: Hype or HopeDevOps: Hype or Hope
DevOps: Hype or Hope
 
DevOps Culture as a tool
DevOps Culture as a toolDevOps Culture as a tool
DevOps Culture as a tool
 
DevOps for CTOs
DevOps for CTOsDevOps for CTOs
DevOps for CTOs
 

More from Sonatype

DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019
Sonatype
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all Equifax
Sonatype
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
Sonatype
 
30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps
Sonatype
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps Survey
Sonatype
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the Enterprise
Sonatype
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
Sonatype
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
Sonatype
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen Beal
Sonatype
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way Forward
Sonatype
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward Ruiz
Sonatype
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris Swan
Sonatype
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Sonatype
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Sonatype
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSS
Sonatype
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
Sonatype
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
Sonatype
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
Sonatype
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure Automation
Sonatype
 

More from Sonatype (20)

DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all Equifax
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps Survey
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the Enterprise
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen Beal
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way Forward
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward Ruiz
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris Swan
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin Collins
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSS
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure Automation
 

Recently uploaded

First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
ShamsuddeenMuhammadA
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
abdulrafaychaudhry
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)
abdulrafaychaudhry
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
Alina Yurenko
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 

Recently uploaded (20)

First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 

A Secure DevOps Journey