Nadira, DevSecOps Indonesia Community Leader
1 Year Journey DevSecOps Indonesia
ABOUT ME
•Regional Director Hysn Technologies and Practical DevSecOps
•DevSecOps Indonesia Community Leader
•Speaker, Trainer & Independent Consultant.
•Speaker at DevSecCon Singapore
•9 years of experience in the Governance, Risk and Compliance area
•Passionate about building community
•Love travelling and networking
•Contact me
•LinkedIn : bajrei.nadira@gmail.com
•Telegram : nadirabajrei
•Twitter : @nadirabajrei1
Nadira Bajrei
Purpose: Community for open discussion on application security
Rule: No rules but please avoid spamming
Value: Share, learn and respect each other's opinions
ABOUT DEVSECOPS INDONESIA
Since 02 November 2018 | 1068 Members
Join us on Telegram : DevSecOpsIndonesia
DevSecOps Meetup History
August 2019
Host : Bank Mandiri
Participants : 103 people
Speakers :
1. Suman Sourav (VP Security Lazada)
2. Amien Harisen (CEO Tjakrabirawa)
September 2019
Host : PT. Megaxus
Participants : 45 people
Speakers :
1. Rusdi Rachim (CISO Indosat)
2. Vandy (VP Security Bukalapak)
October 2019
Host : BukaLapak
Participants : 34 people
Speakers :
1. Mohammed A. Imran (CTO Practical DevSecOps)
2. Vandy (VP Security Bukalapak)
November 2019
Host : tiket.com
Participants : 80 people
Speakers :
1. Erick (Cyber Security Consultant KPMG)
2. Ari Apridana (IT Security tiket.com)
December 2019
Host : Indosat
Participants : -
Speakers :
1. Joko Moro (GRC Blibli)
2. Nadira (Reg. Dir. Hysn Tech)
2020 Meetup Plan
January 2020
Host : blibli.com
Participant : -
Speaker : -
February 2020
Host : Deloitte Consulting
Participant : -
Speaker : -
March 2020
Host : F5
Participant : -
Speaker : -
April 2020
Host : -
Participant : -
Speaker : -
May 2020
Host : -
Participant : -
Speaker : -
June 2020
Host : -
Participant : -
Speaker : -
What Does DevSecOps Indonesia Need?
•Call for Host
•Call for Speaker
•Call for Volunteer
Please reach out to me by email: bajrei.nadira@gmail.com or Telegram: @nadirabajrei
DevSecOps Indonesia Collaborate with
•Agile community, Bank Mandiri
•PT. Megaxus Infotech
•bukalapak.com
•tiket.com
Our Hosts
Many more…
Nadira, Regional Director Hysn Technologies
How to build the right culture
Agenda
1. What is DevSecOps?
2. Why DevSecOps is Important?
3. How to implement DevOps Values?
4. DevOps Increases Agility & Stability
5. QnA
1. What is DevSecOps?
What is DevSecOps?
•In simple words, it's about bringing security practices into DevOps
•Security is everybody's responsibility (Dev, Ops, Sec)
•What is DevOps then?
•A cultural and professional movement that stresses communication, collaboration and integration between software developers and IT Operations and other professionals while automating the process of software delivery and infrastructure changes.
to build on the mindset that ‘everyone is responsible for security’
with the goal of safely distributing security decisions at speed and scale to
those who hold the highest level of context without sacrificing the safety
required.
DevOps will complement Agile to break the “silos” and achieve better Business-IT
alignment, increased delivery certainty, faster speed to market and more secure
applications.
[Figure: walls between Customers, Development, IT Operations and IT Security]
•Customers: Wanting Flexibility
•Development: Wanting Change
•IT Operations: Wanting Stability
•IT Security: Wanting Security
•Create Flexibility: Improve time to market
•Create Stability: Enhance Services
•Create Security: Enhance security service, Security as a code
•Create effective change: Add/modify features
•Scope labels: Agile Dev, DevOps, DevSecOps
[Figure: delivery pipeline stages: Build, Integrate, Test, Deploy, Release, Operate]
•Spans shown: Agile Development, Continuous Integration, Continuous Delivery, Continuous Deployment, DevOps/DevSecOps
•Business decision to go live
•Security as a code
•Shift left security testing
2. Why DevSecOps is Important?
DEV/OPS/SEC: 100/10/1
DevSecOps Benefit?
3. How to implement DevOps Values?
DevOps Core Values (CALMS)
•Culture: Culture change is never easy, but without culture change all practices fail
•Automation: Automation alone cannot give you DevOps - but cannot succeed without it and avoid tools that enforce
•Lean: Creates more value for customer with fewer resources and less waste
•Sharing: Sharing to enhance collaboration and tight integration between business, developer, operation and also security
•Measure: If you can’t measure it, you can’t improve it
DevOps Values - Culture
Characteristics of DevOps Culture
• Shared vision, goals and incentives
• Open, honest, two-way communication
• Collaboration
• Respect
• Trust
• Transparency
• Continuous improvement
• Data driven
• Safe
• Reflection
• Recognition
*To achieve it we should shift thought and behaviour, and build a culture of safe failure and also a culture of continuous improvement
DevOps Values - Culture
Culture Change is never easy
1. You can’t change people, they can only change themselves
2. Change almost always takes longer and costs more than expected
3. Stakeholder involvement is critical
4. People who participate in what and how to change decisions are far more likely to accept change
DevOps Values - Culture
The Stages of Change Acceptance
Q: What is critical?
A: Communication
1. A DevOps culture requires timely and effective communication
2. Shared tools facilitate timely and meaningful communication
• Chat platform
• Task managers
• Social tools
• Alert management tools
• Knowledge sharing platform
DevOps Values - Automation
1. Architect before automating
2. Assess our existing tools and automation capabilities
3. Identify critical gaps
4. Seek vendor for POC
5. Automate high value and repetitive work
6. Optimise workflow bottleneck
*Do not underestimate the effort and cost of building a toolchain from open source applications; open source is not necessarily free, and you need to modify the source to fit your needs*
When adopting automation, we avoid tools that enforce silos
HOW?
Objective and Tools by stage (Agile - CI, DevSecOps)
•Plan: Backlog grooming, define user story, burndown charts, security requirement
•Develop: Develop apps and services using version control, traceability, and CI
•Build: Manage, track and document all changes to application and configuration management
•Test: Automate test script execution including regression, user acceptance and security
•Deploy: Deploy apps and provision environments using automation & standardised configurations
•Operate: Measure performance of environment and application
Security within software lifecycle
•Stages: Plan, Develop, Test, Deploy, Operate
•Activities shown: Security Req., Source Code Review, VA/Pentest, SIEM, Security Hardening, Antivirus, Patch Management, Security Awareness
•Security guy as SME
DevOps Values - Lean
Muda - Waste
Simple statement to identify waste:
“If you are not adding value, then you are adding waste”
How do we eliminate waste?
✓ Start finishing, stop starting, or limit WIP (work in progress)
✓ Avoid hand-overs.
Mura - Reduce inconsistency
✓ Make everything as simple as possible
Muri - Overburden
It represents the activities where processes, people, or machines are pushed beyond a reasonable limit.
✓ Remove bottlenecks
DevOps Values - Measure
•Speed: Change Lead and Cycle Times; Deployment frequency; Deployment Speed
•Quality: Change failure rate; Deployment success rate; Incidents and Defects
•Stability: Mean time to detect incident (MTTD); Mean Time to Recover (MTTR) - Component; Mean time to restore service (MTRS) - Service
•Culture: Retention & loyalty; Engagement; Knowledge Sharing
Make it Visible, Enable Transparency
Use the same dashboard for Dev, Ops, Sec, even Business
4. DevOps Increases Agility & Stability
DevOps Increasing Agility & Stability
•High performing teams deploy more frequently and have much faster lead times
•They make changes with fewer failures, and recover faster from failures
•High performing teams spend less time fixing security issues
Strategies for Building DevSecOps Culture
Develop a culture
✓ Embrace transparency & openness
Establish strong feedback loop
✓ Facilitate team with collaboration platform
Create Security Champion
✓ Identify individuals that understand security within both the Dev and the Ops groups.
Team Autonomy
✓ Successful DevSecOps leaders empower their teams and give them the authority to determine many of their own processes and tools based on their needs.
Put “Sec” In Silent
✓ Integrate the “sec” aspect in the pipeline and please make sure it does not stop the build
5. QnA
Build the right culture in DevSecOps
