SlideShare a Scribd company logo

Democratizing security

Sanjeev Sharma
Sanjeev Sharma

This document discusses democratizing security as the next frontier for DevSecOps adoption in enterprises. It covers evolving delivery practices like Agile, DevOps, and SRE. Democratizing involves making capabilities self-service, granting permission to act with guardrails, and building trust. This includes democratizing infrastructure, software delivery, data, and security by making them technology agnostic, self-service, and including them in the DevSecOps toolchain to improve applications, platforms, processes, and culture. Security chaos engineering and value stream mapping are also discussed as ways to identify vulnerabilities and inefficiencies to continuously improve operational readiness and adoption.

1 of 27
Download to read offline
COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED. Democratizing Security - the next frontier for DevSecOps adoption in the Enterprise Sanjeev Sharma, Principal Analyst
• 20+ Years experience in Software Development and Delivery, Cloud Adoption and Data Modernization • Led the Data Modernization Practice at Delphix • Driving the definition of ‘DataOps’ for Application Delivery, and AI and Machine Learning • IBM Distinguished Engineer, and IBM’s 1st CTO for DevOps Adoption owning the DevOps practice • Chair of the Architecture Review Board for IBM’s response to the DoD’s JEDI RFP • Conference Keynote speaker, Blogger, Podcaster and Vlogger • Author of two bestseller books: • DevOps For Dummies: https://ibm.biz/BdsPMX • The DevOps Adoption Playbook: http://amzn.to/2hH7rt2 All about me - Sanjeev Sharma
1. Evolution of Delivery Practices 2. Democratization of Application Delivery 3. Security Chaos Engineering 4. Value Stream Mapping Agenda
Evolution of Delivery Practices
SRE Agile DevOps Develop right things right Deliver with speed Deliver with Reliability Evolving Application Delivery from Agile to DevOps
Continuous Integration Continuous Delivery Shift Left Test Shift Left Ops Culture Development SCM Build Package Repo Deploy Testing Staging Production FeedbackPlanning Manage DevOps in a Nutshell: 1. Improve the Application/System being delivered 2. Improve the platform on which it is delivered 3. Improve the processes by which it is being delivered 4. Improve the culture of the organization delivering it DevOps
Why DevSecOps? Security concerns and challenges are growing $57M Google GDPR Fine 4700 Breaches in 2018 11 Bn Records exposed 2018 Becoming a custodian of user data is becoming a differentiator You are not our product. Our products are iPhones and iPads. We treasure your data. We wanna help you keep it private and keep it safe. - Tim Cook, CEO, Apple
Democratization
1874 - Solid Wood 1947 - Laminated Wood 1968 – Steel Racquet 1993 – Graphite Racquet 2008 – Aerodynamic Racquet Democratization of Technology
1. Self-service 2. Permission to act 3. Guardrails 4. Trust Tenets of Democratizing of IT Services
DevOps: Democratizing the Application Delivery Pipeline Democratize Infrastructure Democratize Software Delivery Democratize Data Democratize Security Application Delivery Practitioners
Democratizing Infrastructure with Cloud Become Technology Stack Agnostic Self-service Provisioning and Configuration Infrastructure as Code (IaaC) Elastic Services for on-demand scale Role Based Access Control Democratize Infrastructure 1. Improve the platform 2. Improve the processes 3. Improve the culture
Democratizing Software Delivery with DevSecOps Become Technology Stack Agnostic Make DevSecOps capabilities Self Service Integrated end-to-end toolchain Automated Testing and Validation Include Security in the DevSecOps toolchain Democratize Software Delivery 1. Improve the Application/System 2. Improve the processes 3. Improve the culture
Democratizing Data Democratize Data Become Data Source Agnostic Make Data Available Self Service Manage Data Like Code Mitigate Data Privacy & Compliance Risks Include Data Management in the DevSecOps toolchain 1. Improve the Application/System 2. Improve the platform 3. Improve the processes 4. Improve the culture
Democratizing Security Become Technology Stack Agnostic Make Security* Self Service Manage Security* Like Code Automate Mitigation of Security & Compliance Risks Include Security* in the DevOps toolchain Democratize Security * Security Implementation, Validation and Enforcement 1. Secure the Application/System 2. Secure the platform 3. Secure the processes 4. Secure the culture
Business Initiatives: Create New Revenue Streams Improve Quality Accelerate Time to Market Comply with Regulations The Challenge : High Complexity High Cost Multiple Demands High Complexity - Multiple Technology stacks - On Premises and Cloud - Departmental Silos - Legacy, Cloud-native, SaaS applications and services - Open-source sprawl High Cost - Compliance & Governance Policies - Regulatory overhead - Audit and Compliance overhead - Cybersecurity threat preparedness Multiple Demands - Business: Innovation and Monetization - Developers: Continuous Delivery - Analytics Teams: Massive, diverse data sets - Security Teams: Lack of talent and technology expertise
Security Chaos Engineering
One way to make sure you can deal with a flat tire on the freeway, in the rain, in the middle of the night is to poke a hole in your tire once a week in your driveway on a Sunday afternoon and go through the drill of replacing it. Chaos Engineering
Antifragile: Things that are neither fragile or robust, but rather thrive in chaos. Achieving Antifragility
The Chaos is Real https://www.sophos.com/en-us/medialibrary/PDFs/Whitepaper/sophos-exposed-cyberattacks-on-cloud-honeypots-wp.pdf
Security Chaos Engineering Security Chaos Engineering is the discipline of instrumentation, identification, and remediation of failure within security controls through proactive experimentation to build confidence in the system's ability to defend against malicious conditions in production.
Security Chaos Engineering implementation 1. End-to-end Continuous Instrumentation 2. Continuous Readiness Assessment 3. Continuous Security Gap Analysis 4. Automation to identify, detect, and remediate security failures 5. Focus on vulnerability and failure identification 6. Continuous improvement of Operational Readiness
Value Stream Mapping
Idea/Feature/Bug Fix/ Enhancement Production Development Build QA SIT UAT Prod PMO Requirements/ Analyst Developer CustomersLine of Business Build Engineer QA Team Integration Tester User/Tester Operations Artifact Repository Deployment Engineer Release Management Code Repository Deploy Get Feedback Infrastructure as Code/ Cloud Patterns Feedback Customer or Customer Surrogate Data Tasks Artifacts Value Stream Mapping to Identify: • Waste • Wait-States • Rework Value Stream Mapping to Develop an Adoption Roadmap
• Review the current state o Business goals, IT goals, current initiatives o Requirements o Environments o Repositories o Data Sources/Architecture o Roles / Organization o Metrics o Other • Prioritize Waste, Wait states and Rework • Create a first pass at a roadmap to address inefficiencies Next Step: DevOps Value Stream Mapping Workshop
Sanjeev Sharma sanjeev@accelst.com @sd_architect http://sdarchitect.blog http://accelST.com Contact
KNOWLEDGE WANTS TO BE FREE COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED

Recommended

My code, my environment, and yes, my data
My code, my environment, and yes, my dataMy code, my environment, and yes, my data
My code, my environment, and yes, my data
Sanjeev Sharma
 
DeliverAgile2018 - from Apollo 13 to Google SRE
DeliverAgile2018 - from Apollo 13 to Google SREDeliverAgile2018 - from Apollo 13 to Google SRE
DeliverAgile2018 - from Apollo 13 to Google SRE
Sanjeev Sharma
 
The Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOpsThe Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOps
Sanjeev Sharma
 
From Apollo 13 to Google SRE
From Apollo 13 to Google SREFrom Apollo 13 to Google SRE
From Apollo 13 to Google SRE
Sanjeev Sharma
 
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRECloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Sanjeev Sharma
 
How NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOpsHow NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOps
Sanjeev Sharma
 
Security and DevOps - Managing Security in a DevOps Enterprise
Security and DevOps - Managing Security in a DevOps EnterpriseSecurity and DevOps - Managing Security in a DevOps Enterprise
Security and DevOps - Managing Security in a DevOps Enterprise
Claudia Ring
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Sanjeev Sharma
 

Recommended

My code, my environment, and yes, my data
My code, my environment, and yes, my dataMy code, my environment, and yes, my data
My code, my environment, and yes, my data
Sanjeev Sharma
 
DeliverAgile2018 - from Apollo 13 to Google SRE
DeliverAgile2018 - from Apollo 13 to Google SREDeliverAgile2018 - from Apollo 13 to Google SRE
DeliverAgile2018 - from Apollo 13 to Google SRE
Sanjeev Sharma
 
The Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOpsThe Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOps
Sanjeev Sharma
 
From Apollo 13 to Google SRE
From Apollo 13 to Google SREFrom Apollo 13 to Google SRE
From Apollo 13 to Google SRE
Sanjeev Sharma
 
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRECloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Sanjeev Sharma
 
How NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOpsHow NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOps
Sanjeev Sharma
 
Security and DevOps - Managing Security in a DevOps Enterprise
Security and DevOps - Managing Security in a DevOps EnterpriseSecurity and DevOps - Managing Security in a DevOps Enterprise
Security and DevOps - Managing Security in a DevOps Enterprise
Claudia Ring
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Sanjeev Sharma
 
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode DeployHybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Claudia Ring
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
Sanjeev Sharma
 
Mastering DevOps Automation: Webinar
Mastering DevOps Automation: WebinarMastering DevOps Automation: Webinar
Mastering DevOps Automation: Webinar
Claudia Ring
 
DevOps in the Hybrid Cloud
DevOps in the Hybrid CloudDevOps in the Hybrid Cloud
DevOps in the Hybrid Cloud
Richard Irving
 
The Future of DevOps and UrbanCode
The Future of DevOps and UrbanCodeThe Future of DevOps and UrbanCode
The Future of DevOps and UrbanCode
IBM UrbanCode Products
 
Bluemix DevOps Meetup
Bluemix DevOps MeetupBluemix DevOps Meetup
Bluemix DevOps Meetup
Kyle Brown
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid Cloud
Rosalind Radcliffe
 
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Chris Haddad
 
DevOps Thinking for the Line of Business
DevOps Thinking for the Line of BusinessDevOps Thinking for the Line of Business
DevOps Thinking for the Line of Business
Sanjeev Sharma
 
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Michael Elder
 
Cloud Native Operations
Cloud Native OperationsCloud Native Operations
Cloud Native Operations
Michael Mueller
 
Troubleshooting App Health and Performance with PCF Metrics 1.2
Troubleshooting App Health and Performance with PCF Metrics 1.2Troubleshooting App Health and Performance with PCF Metrics 1.2
Troubleshooting App Health and Performance with PCF Metrics 1.2
VMware Tanzu
 
Cloud With DevOps Enabling Rapid Business Development
Cloud With DevOps Enabling Rapid Business DevelopmentCloud With DevOps Enabling Rapid Business Development
Cloud With DevOps Enabling Rapid Business Development
Sam Garforth
 
Metrics That Matter: How to Measure Digital Transformation Success
Metrics That Matter: How to Measure Digital Transformation SuccessMetrics That Matter: How to Measure Digital Transformation Success
Metrics That Matter: How to Measure Digital Transformation Success
XebiaLabs
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
Siva Rama Krishna Chunduru
 
Continuous Delivery for cloud - scenarios and scope
Continuous Delivery for cloud - scenarios and scopeContinuous Delivery for cloud - scenarios and scope
Continuous Delivery for cloud - scenarios and scope
Sanjeev Sharma
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
VMware Tanzu
 
Accelerating Time to Market
Accelerating Time to MarketAccelerating Time to Market
Accelerating Time to Market
VMware Tanzu
 
IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps Workshops at IBM InterConnect 2017IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps
 
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
VMware Tanzu
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 

More Related Content

What's hot

Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode DeployHybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Claudia Ring
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
Sanjeev Sharma
 
Mastering DevOps Automation: Webinar
Mastering DevOps Automation: WebinarMastering DevOps Automation: Webinar
Mastering DevOps Automation: Webinar
Claudia Ring
 
DevOps in the Hybrid Cloud
DevOps in the Hybrid CloudDevOps in the Hybrid Cloud
DevOps in the Hybrid Cloud
Richard Irving
 
The Future of DevOps and UrbanCode
The Future of DevOps and UrbanCodeThe Future of DevOps and UrbanCode
The Future of DevOps and UrbanCode
IBM UrbanCode Products
 
Bluemix DevOps Meetup
Bluemix DevOps MeetupBluemix DevOps Meetup
Bluemix DevOps Meetup
Kyle Brown
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid Cloud
Rosalind Radcliffe
 
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Chris Haddad
 
DevOps Thinking for the Line of Business
DevOps Thinking for the Line of BusinessDevOps Thinking for the Line of Business
DevOps Thinking for the Line of Business
Sanjeev Sharma
 
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Michael Elder
 
Cloud Native Operations
Cloud Native OperationsCloud Native Operations
Cloud Native Operations
Michael Mueller
 
Troubleshooting App Health and Performance with PCF Metrics 1.2
Troubleshooting App Health and Performance with PCF Metrics 1.2Troubleshooting App Health and Performance with PCF Metrics 1.2
Troubleshooting App Health and Performance with PCF Metrics 1.2
VMware Tanzu
 
Cloud With DevOps Enabling Rapid Business Development
Cloud With DevOps Enabling Rapid Business DevelopmentCloud With DevOps Enabling Rapid Business Development
Cloud With DevOps Enabling Rapid Business Development
Sam Garforth
 
Metrics That Matter: How to Measure Digital Transformation Success
Metrics That Matter: How to Measure Digital Transformation SuccessMetrics That Matter: How to Measure Digital Transformation Success
Metrics That Matter: How to Measure Digital Transformation Success
XebiaLabs
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
Siva Rama Krishna Chunduru
 
Continuous Delivery for cloud - scenarios and scope
Continuous Delivery for cloud - scenarios and scopeContinuous Delivery for cloud - scenarios and scope
Continuous Delivery for cloud - scenarios and scope
Sanjeev Sharma
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
VMware Tanzu
 
Accelerating Time to Market
Accelerating Time to MarketAccelerating Time to Market
Accelerating Time to Market
VMware Tanzu
 
IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps Workshops at IBM InterConnect 2017IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps
 
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
VMware Tanzu
 

What's hot (20)

Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode DeployHybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
 
Mastering DevOps Automation: Webinar
Mastering DevOps Automation: WebinarMastering DevOps Automation: Webinar
Mastering DevOps Automation: Webinar
 
DevOps in the Hybrid Cloud
DevOps in the Hybrid CloudDevOps in the Hybrid Cloud
DevOps in the Hybrid Cloud
 
The Future of DevOps and UrbanCode
The Future of DevOps and UrbanCodeThe Future of DevOps and UrbanCode
The Future of DevOps and UrbanCode
 
Bluemix DevOps Meetup
Bluemix DevOps MeetupBluemix DevOps Meetup
Bluemix DevOps Meetup
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid Cloud
 
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
Driving Enterprise Architecture Redesign: Cloud-Native Platforms, APIs, and D...
 
DevOps Thinking for the Line of Business
DevOps Thinking for the Line of BusinessDevOps Thinking for the Line of Business
DevOps Thinking for the Line of Business
 
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
Elevate Your Continuous Delivery Strategy Above the Rolling Clouds (Interconn...
 
Cloud Native Operations
Cloud Native OperationsCloud Native Operations
Cloud Native Operations
 
Troubleshooting App Health and Performance with PCF Metrics 1.2
Troubleshooting App Health and Performance with PCF Metrics 1.2Troubleshooting App Health and Performance with PCF Metrics 1.2
Troubleshooting App Health and Performance with PCF Metrics 1.2
 
Cloud With DevOps Enabling Rapid Business Development
Cloud With DevOps Enabling Rapid Business DevelopmentCloud With DevOps Enabling Rapid Business Development
Cloud With DevOps Enabling Rapid Business Development
 
Metrics That Matter: How to Measure Digital Transformation Success
Metrics That Matter: How to Measure Digital Transformation SuccessMetrics That Matter: How to Measure Digital Transformation Success
Metrics That Matter: How to Measure Digital Transformation Success
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
 
Continuous Delivery for cloud - scenarios and scope
Continuous Delivery for cloud - scenarios and scopeContinuous Delivery for cloud - scenarios and scope
Continuous Delivery for cloud - scenarios and scope
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
 
Accelerating Time to Market
Accelerating Time to MarketAccelerating Time to Market
Accelerating Time to Market
 
IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps Workshops at IBM InterConnect 2017IBM DevOps Workshops at IBM InterConnect 2017
IBM DevOps Workshops at IBM InterConnect 2017
 
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
 

Similar to Democratizing security

Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
Cisco DevNet
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Amazon Web Services
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
Ravindu Fernando
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
pbink
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
SBWebinars
 
DevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docxDevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docx
Xavor Corporation - Redefining Health Technology
 
The Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docxThe Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docx
Xavor Corporation - Redefining Health Technology
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
Amazon Web Services
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWS
Eric Smalling
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
Eric Smalling
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container Adoption
Alex Rhea
 
Implementing Security on a Large Multi-Tenant Cluster the Right Way
Implementing Security on a Large Multi-Tenant Cluster the Right WayImplementing Security on a Large Multi-Tenant Cluster the Right Way
Implementing Security on a Large Multi-Tenant Cluster the Right Way
DataWorks Summit
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
LibbySchulze
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
Derek E. Weeks
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
James Wickett
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
Tej Luthra
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
lior mazor
 

Similar to Democratizing security (20)

Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
 
DevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docxDevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docx
 
The Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docxThe Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docx
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWS
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container Adoption
 
Implementing Security on a Large Multi-Tenant Cluster the Right Way
Implementing Security on a Large Multi-Tenant Cluster the Right WayImplementing Security on a Large Multi-Tenant Cluster the Right Way
Implementing Security on a Large Multi-Tenant Cluster the Right Way
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 

More from Sanjeev Sharma

From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOpsFrom DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
Sanjeev Sharma
 
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm KeynoteUnicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Sanjeev Sharma
 
IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise
Sanjeev Sharma
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterprise
Sanjeev Sharma
 
dev@InterConnect workshop - Lean and DevOps
dev@InterConnect workshop - Lean and DevOpsdev@InterConnect workshop - Lean and DevOps
dev@InterConnect workshop - Lean and DevOps
Sanjeev Sharma
 
OpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOpsOpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOps
Sanjeev Sharma
 
DTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect SessionDTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect Session
Sanjeev Sharma
 
Mobile to Mainframe - En-to-end transformation
Mobile to Mainframe - En-to-end transformationMobile to Mainframe - En-to-end transformation
Mobile to Mainframe - En-to-end transformation
Sanjeev Sharma
 
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit sessionDevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
Sanjeev Sharma
 
Using Lean Thinking to identify and address Delivery Pipeline bottlenecks
Using Lean Thinking to identify and address Delivery Pipeline bottlenecksUsing Lean Thinking to identify and address Delivery Pipeline bottlenecks
Using Lean Thinking to identify and address Delivery Pipeline bottlenecks
Sanjeev Sharma
 
DevOps 101 - IBM Impact 2014
DevOps 101 - IBM Impact 2014 DevOps 101 - IBM Impact 2014
DevOps 101 - IBM Impact 2014
Sanjeev Sharma
 
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation CenterEnabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Sanjeev Sharma
 
Continuous Delivery to the cloud - Innovate 2014
Continuous Delivery to the cloud - Innovate 2014Continuous Delivery to the cloud - Innovate 2014
Continuous Delivery to the cloud - Innovate 2014
Sanjeev Sharma
 
IBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOpsIBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOps
Sanjeev Sharma
 
CampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
CampDevOps keynote - DevOps: Using 'Lean' to eliminate BottlenecksCampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
CampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
Sanjeev Sharma
 
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOpsIBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOpsSanjeev Sharma
 
Mobile to mainframe - Enterprise DevOps - MoDevEast Slides
Mobile to mainframe - Enterprise DevOps - MoDevEast SlidesMobile to mainframe - Enterprise DevOps - MoDevEast Slides
Mobile to mainframe - Enterprise DevOps - MoDevEast SlidesSanjeev Sharma
 
Applying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software DeliveryApplying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software Delivery
Sanjeev Sharma
 
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013 (Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
Sanjeev Sharma
 
From Continuous Integration to DevOps - Japan Innovate 2013
From Continuous Integration to DevOps - Japan Innovate 2013From Continuous Integration to DevOps - Japan Innovate 2013
From Continuous Integration to DevOps - Japan Innovate 2013
Sanjeev Sharma
 

More from Sanjeev Sharma (20)

From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOpsFrom DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
 
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm KeynoteUnicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
 
IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterprise
 
dev@InterConnect workshop - Lean and DevOps
dev@InterConnect workshop - Lean and DevOpsdev@InterConnect workshop - Lean and DevOps
dev@InterConnect workshop - Lean and DevOps
 
OpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOpsOpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOps
 
DTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect SessionDTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect Session
 
Mobile to Mainframe - En-to-end transformation
Mobile to Mainframe - En-to-end transformationMobile to Mainframe - En-to-end transformation
Mobile to Mainframe - En-to-end transformation
 
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit sessionDevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
DevOps and Application Delivery for Hybrid Cloud - DevOpsSummit session
 
Using Lean Thinking to identify and address Delivery Pipeline bottlenecks
Using Lean Thinking to identify and address Delivery Pipeline bottlenecksUsing Lean Thinking to identify and address Delivery Pipeline bottlenecks
Using Lean Thinking to identify and address Delivery Pipeline bottlenecks
 
DevOps 101 - IBM Impact 2014
DevOps 101 - IBM Impact 2014 DevOps 101 - IBM Impact 2014
DevOps 101 - IBM Impact 2014
 
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation CenterEnabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation Center
 
Continuous Delivery to the cloud - Innovate 2014
Continuous Delivery to the cloud - Innovate 2014Continuous Delivery to the cloud - Innovate 2014
Continuous Delivery to the cloud - Innovate 2014
 
IBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOpsIBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOps
 
CampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
CampDevOps keynote - DevOps: Using 'Lean' to eliminate BottlenecksCampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
CampDevOps keynote - DevOps: Using 'Lean' to eliminate Bottlenecks
 
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOpsIBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
 
Mobile to mainframe - Enterprise DevOps - MoDevEast Slides
Mobile to mainframe - Enterprise DevOps - MoDevEast SlidesMobile to mainframe - Enterprise DevOps - MoDevEast Slides
Mobile to mainframe - Enterprise DevOps - MoDevEast Slides
 
Applying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software DeliveryApplying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software Delivery
 
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013 (Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
(Japanese) From Continuous Integration to DevOps - Japan Innovate 2013
 
From Continuous Integration to DevOps - Japan Innovate 2013
From Continuous Integration to DevOps - Japan Innovate 2013From Continuous Integration to DevOps - Japan Innovate 2013
From Continuous Integration to DevOps - Japan Innovate 2013
 

Recently uploaded

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 

Recently uploaded (20)

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 

Democratizing security

  • 1. COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED. Democratizing Security - the next frontier for DevSecOps adoption in the Enterprise Sanjeev Sharma, Principal Analyst
  • 2. • 20+ Years experience in Software Development and Delivery, Cloud Adoption and Data Modernization • Led the Data Modernization Practice at Delphix • Driving the definition of ‘DataOps’ for Application Delivery, and AI and Machine Learning • IBM Distinguished Engineer, and IBM’s 1st CTO for DevOps Adoption owning the DevOps practice • Chair of the Architecture Review Board for IBM’s response to the DoD’s JEDI RFP • Conference Keynote speaker, Blogger, Podcaster and Vlogger • Author of two bestseller books: • DevOps For Dummies: https://ibm.biz/BdsPMX • The DevOps Adoption Playbook: http://amzn.to/2hH7rt2 All about me - Sanjeev Sharma
  • 3. 1. Evolution of Delivery Practices 2. Democratization of Application Delivery 3. Security Chaos Engineering 4. Value Stream Mapping Agenda
  • 5. SRE Agile DevOps Develop right things right Deliver with speed Deliver with Reliability Evolving Application Delivery from Agile to DevOps
  • 6. Continuous Integration Continuous Delivery Shift Left Test Shift Left Ops Culture Development SCM Build Package Repo Deploy Testing Staging Production FeedbackPlanning Manage DevOps in a Nutshell: 1. Improve the Application/System being delivered 2. Improve the platform on which it is delivered 3. Improve the processes by which it is being delivered 4. Improve the culture of the organization delivering it DevOps
  • 7. Why DevSecOps? Security concerns and challenges are growing $57M Google GDPR Fine 4700 Breaches in 2018 11 Bn Records exposed 2018 Becoming a custodian of user data is becoming a differentiator You are not our product. Our products are iPhones and iPads. We treasure your data. We wanna help you keep it private and keep it safe. - Tim Cook, CEO, Apple
  • 9. 1874 - Solid Wood 1947 - Laminated Wood 1968 – Steel Racquet 1993 – Graphite Racquet 2008 – Aerodynamic Racquet Democratization of Technology
  • 10. 1. Self-service 2. Permission to act 3. Guardrails 4. Trust Tenets of Democratizing of IT Services
  • 11. DevOps: Democratizing the Application Delivery Pipeline Democratize Infrastructure Democratize Software Delivery Democratize Data Democratize Security Application Delivery Practitioners
  • 12. Democratizing Infrastructure with Cloud Become Technology Stack Agnostic Self-service Provisioning and Configuration Infrastructure as Code (IaaC) Elastic Services for on-demand scale Role Based Access Control Democratize Infrastructure 1. Improve the platform 2. Improve the processes 3. Improve the culture
  • 13. Democratizing Software Delivery with DevSecOps Become Technology Stack Agnostic Make DevSecOps capabilities Self Service Integrated end-to-end toolchain Automated Testing and Validation Include Security in the DevSecOps toolchain Democratize Software Delivery 1. Improve the Application/System 2. Improve the processes 3. Improve the culture
  • 14. Democratizing Data Democratize Data Become Data Source Agnostic Make Data Available Self Service Manage Data Like Code Mitigate Data Privacy & Compliance Risks Include Data Management in the DevSecOps toolchain 1. Improve the Application/System 2. Improve the platform 3. Improve the processes 4. Improve the culture
  • 15. Democratizing Security Become Technology Stack Agnostic Make Security* Self Service Manage Security* Like Code Automate Mitigation of Security & Compliance Risks Include Security* in the DevOps toolchain Democratize Security * Security Implementation, Validation and Enforcement 1. Secure the Application/System 2. Secure the platform 3. Secure the processes 4. Secure the culture
  • 16. Business Initiatives: Create New Revenue Streams Improve Quality Accelerate Time to Market Comply with Regulations The Challenge : High Complexity High Cost Multiple Demands High Complexity - Multiple Technology stacks - On Premises and Cloud - Departmental Silos - Legacy, Cloud-native, SaaS applications and services - Open-source sprawl High Cost - Compliance & Governance Policies - Regulatory overhead - Audit and Compliance overhead - Cybersecurity threat preparedness Multiple Demands - Business: Innovation and Monetization - Developers: Continuous Delivery - Analytics Teams: Massive, diverse data sets - Security Teams: Lack of talent and technology expertise
  • 18. One way to make sure you can deal with a flat tire on the freeway, in the rain, in the middle of the night is to poke a hole in your tire once a week in your driveway on a Sunday afternoon and go through the drill of replacing it. Chaos Engineering
  • 19. Antifragile: Things that are neither fragile or robust, but rather thrive in chaos. Achieving Antifragility
  • 20. The Chaos is Real https://www.sophos.com/en-us/medialibrary/PDFs/Whitepaper/sophos-exposed-cyberattacks-on-cloud-honeypots-wp.pdf
  • 21. Security Chaos Engineering Security Chaos Engineering is the discipline of instrumentation, identification, and remediation of failure within security controls through proactive experimentation to build confidence in the system's ability to defend against malicious conditions in production.
  • 22. Security Chaos Engineering implementation 1. End-to-end Continuous Instrumentation 2. Continuous Readiness Assessment 3. Continuous Security Gap Analysis 4. Automation to identify, detect, and remediate security failures 5. Focus on vulnerability and failure identification 6. Continuous improvement of Operational Readiness
  • 24. Idea/Feature/Bug Fix/ Enhancement Production Development Build QA SIT UAT Prod PMO Requirements/ Analyst Developer CustomersLine of Business Build Engineer QA Team Integration Tester User/Tester Operations Artifact Repository Deployment Engineer Release Management Code Repository Deploy Get Feedback Infrastructure as Code/ Cloud Patterns Feedback Customer or Customer Surrogate Data Tasks Artifacts Value Stream Mapping to Identify: • Waste • Wait-States • Rework Value Stream Mapping to Develop an Adoption Roadmap
  • 25. • Review the current state o Business goals, IT goals, current initiatives o Requirements o Environments o Repositories o Data Sources/Architecture o Roles / Organization o Metrics o Other • Prioritize Waste, Wait states and Rework • Create a first pass at a roadmap to address inefficiencies Next Step: DevOps Value Stream Mapping Workshop
  • 27. KNOWLEDGE WANTS TO BE FREE COPYRIGHT © 2020 ACCELERATED STRATEGIES GROUP, INC. ALL RIGHTS RESERVED