Jeremiah Tillman, profile picture
Uploaded byJeremiah Tillman
PPTX, PDF37 views

DevOps

The document discusses DevSecOps, which combines DevOps and network security. It outlines the stages of a DevSecOps pipeline including continuous integration, delivery, and deployment. It presents a DevSecOps manifesto advocating for open collaboration, security as a service, exploit testing, and compliance as operations. The document also provides examples of integrating security practices at different stages of the software development lifecycle and approaches for legacy versus new applications.

Technologyโ—ฆ
Related topics:
Network Securityโ€ข Information Securityโ€ข

Embed presentation

Download to read offline
DevOps + Network Security = DevSecOps By Jeremiah Tillman
A Well Rounded DevOps Team QA Testing Operatio Develop
Continuous Integration (CI) ๏‚šMerging the development branches together (master branch) ๏‚šMust successfully pass a series of tests
Continuous Delivery (CD) ๏‚šDeploying small changes more often ๏‚šAutomated delivery of updates
Deployment Pipeline Stages Build & Automate CI Test Automation Deploy Automation Components Visibility Feedback Continuously Deploy
DevSecOps Manifesto ๏‚š Leaning in over Always Saying โ€œNoโ€ ๏‚š Data & Security Science over Fear, Uncertainty and Doubt ๏‚š Open Contribution & Collaboration over Security-Only Requirements ๏‚š Consumable Security Services with APIs over Mandated Security Controls & Paperwork ๏‚š Business Driven Security Scores over Rubber Stamp Security ๏‚š Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities ๏‚š 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident ๏‚š Shared Threat Intelligence over Keeping Info to Ourselves ๏‚š Compliance Operations over Clipboards & Checklists
DevSecOps Integration ๏‚š 1. Prior to code being committed ๏‚š SAST that be run locally or integrated into an IDE ๏‚š 2. During CI ๏‚š Security checks can be issued via the jobs server ๏‚š Unit testing, abuse cases, SAST, and software component analysis (supply chain hygiene) ๏‚š 3. After a successful build ๏‚š Automatically and securely configure and provision servers ๏‚š Configuration management, DAST, security smoke tests ๏‚š 4. Post deployment ๏‚š Automated runtime asserts and compliance checks ๏‚š Automated correction ๏‚š Production monitoring/feedback
Greenfield vs. Legacy ๏‚š Greenfield Environment /Applications ๏‚š Do it right from the start! ๏‚š Legacy Applications ๏‚š Start with vulnerability & risk assessment ๏‚š Apply patches to remediate all vulnerabilities that donโ€™t require major design changes ๏‚š Integrate automated security testing in future releases when possible ๏‚š Rebuilding / Sunsetting ๏‚š Consider breaking out individual components one at a time, where possible, instead of a hard cutover ๏‚š New system should be following secure architecture principles and integrate security throughout the SDLC

More Related Content

PPTX
Chefdevseccon2015
bysc0ttruss
ย 
PDF
Application Security at DevOps Speed - DevOpsDays Singapore 2016
byStefan Streichsbier
ย 
PDF
Enterprise Security APIs
byAdam Migus
ย 
PDF
A Successful SAST Tool Implementation
byCheckmarx
ย 
PDF
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
byThreat Stack
ย 
PDF
Devops security-An Insight into Secure-SDLC
bySuman Sourav
ย 
PDF
Bringing Security Testing to Development: How to Enable Developers to Act as ...
byAchim D. Brucker
ย 
PDF
From Gates to Guardrails: Alternate Approaches to Product Security
byJason Chan
ย 
Chefdevseccon2015
bysc0ttruss
ย 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
byStefan Streichsbier
ย 
Enterprise Security APIs
byAdam Migus
ย 
A Successful SAST Tool Implementation
byCheckmarx
ย 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
byThreat Stack
ย 
Devops security-An Insight into Secure-SDLC
bySuman Sourav
ย 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
byAchim D. Brucker
ย 
From Gates to Guardrails: Alternate Approaches to Product Security
byJason Chan
ย 

What's hot

PPTX
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
byWhiteSource
ย 
PDF
A Secure DevOps Journey
byVeracode
ย 
PDF
Evident io Continuous Compliance - Mar 2017
bySebastian Taphanel CISSP-ISSEP
ย 
PDF
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
byWhiteSource
ย 
PDF
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
bySebastian Taphanel CISSP-ISSEP
ย 
PPTX
Automating Open Source Security: A SANS Review of WhiteSource
byWhiteSource
ย 
PPTX
Open Source Libraries - Managing Risk in Cloud
bySuman Sourav
ย 
PPTX
DevSecOps outline
byNickleus Jimenez
ย 
PDF
DevSecOps, The Good, Bad, and Ugly
by4ndersonLin
ย 
PPTX
Splitting The Check On Compliance and Security
byNew Relic
ย 
PPTX
Secure Software Development Life Cycle
byMaurice Dawson
ย 
PDF
The Challenges of Scaling DevSecOps
byWhiteSource
ย 
PDF
Dev week cloud world conf2021
byArchana Joshi
ย 
PPTX
Whatโ€™s making way for secure sdlc
byAvancercorp
ย 
PPTX
Introduction to DevSecOps
byabhimanyubhogwan
ย 
PDF
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
byWhiteSource
ย 
PPTX
A journey from dev ops to devsecops
byVeritis Group, Inc
ย 
PDF
OSB130 Patch Management Best Practices
byIvanti
ย 
PPTX
Turning security into code by Jeff Williams
byDevSecCon
ย 
PDF
PIACERE - DevSecOps Automated
byPIACERE
ย 
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
byWhiteSource
ย 
A Secure DevOps Journey
byVeracode
ย 
Evident io Continuous Compliance - Mar 2017
bySebastian Taphanel CISSP-ISSEP
ย 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
byWhiteSource
ย 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
bySebastian Taphanel CISSP-ISSEP
ย 
Automating Open Source Security: A SANS Review of WhiteSource
byWhiteSource
ย 
Open Source Libraries - Managing Risk in Cloud
bySuman Sourav
ย 
DevSecOps outline
byNickleus Jimenez
ย 
DevSecOps, The Good, Bad, and Ugly
by4ndersonLin
ย 
Splitting The Check On Compliance and Security
byNew Relic
ย 
Secure Software Development Life Cycle
byMaurice Dawson
ย 
The Challenges of Scaling DevSecOps
byWhiteSource
ย 
Dev week cloud world conf2021
byArchana Joshi
ย 
Whatโ€™s making way for secure sdlc
byAvancercorp
ย 
Introduction to DevSecOps
byabhimanyubhogwan
ย 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
byWhiteSource
ย 
A journey from dev ops to devsecops
byVeritis Group, Inc
ย 
OSB130 Patch Management Best Practices
byIvanti
ย 
Turning security into code by Jeff Williams
byDevSecCon
ย 
PIACERE - DevSecOps Automated
byPIACERE
ย 

Similar to DevOps

PDF
DevSecOps as a Service_ Secure Your Software Pipeline Without Slowing It Down...
byDevseccops.ai
ย 
PDF
Scale security for a dollar or less
byMohammed A. Imran
ย 
PPTX
The DevSecOps Advantage: A Comprehensive Guide
byDev Software
ย 
ODP
Making security-agile matt-tesauro
byMatt Tesauro
ย 
PPTX
Succeeding-Marriage-Cybersecurity-DevOps final
byrkadayam
ย 
PDF
AppSec in an Agile World
byDavid Lindner
ย 
PPTX
Securing the continuous integration
byIrene Michlin
ย 
ODP
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
byMatt Tesauro
ย 
PDF
The Challenge of Integrating Security Solutions with CI.pdf
bySavinder Puri
ย 
PDF
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
ย 
PPTX
DevSecOps : an Introduction
byPrashanth B. P.
ย 
PDF
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
ย 
PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
ย 
PDF
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
ย 
PPTX
ะ”ะผะธั‚ั€ะพ ะขะตั€ะตั‰ะตะฝะบะพ, "How to secure your application with Secure SDLC"
bySigma Software
ย 
PPTX
DevSecOps: Security and Compliance at the Speed of Continuous Delivery
byDag Rowe
ย 
PDF
DevSecOps Basics with Azure Pipelines
byAbdul_Mujeeb
ย 
PDF
Top 20 DevSecOps Interview Questions and Answers
bypriyanshamadhwal2
ย 
PDF
Top 20 DevSecOps Interview Questions.pdf
byinfosec train
ย 
PDF
Top 20 DevSecOps Interview Questions.pdf
byinfosec train
ย 
DevSecOps as a Service_ Secure Your Software Pipeline Without Slowing It Down...
byDevseccops.ai
ย 
Scale security for a dollar or less
byMohammed A. Imran
ย 
The DevSecOps Advantage: A Comprehensive Guide
byDev Software
ย 
Making security-agile matt-tesauro
byMatt Tesauro
ย 
Succeeding-Marriage-Cybersecurity-DevOps final
byrkadayam
ย 
AppSec in an Agile World
byDavid Lindner
ย 
Securing the continuous integration
byIrene Michlin
ย 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
byMatt Tesauro
ย 
The Challenge of Integrating Security Solutions with CI.pdf
bySavinder Puri
ย 
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
ย 
DevSecOps : an Introduction
byPrashanth B. P.
ย 
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
ย 
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
ย 
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
ย 
ะ”ะผะธั‚ั€ะพ ะขะตั€ะตั‰ะตะฝะบะพ, "How to secure your application with Secure SDLC"
bySigma Software
ย 
DevSecOps: Security and Compliance at the Speed of Continuous Delivery
byDag Rowe
ย 
DevSecOps Basics with Azure Pipelines
byAbdul_Mujeeb
ย 
Top 20 DevSecOps Interview Questions and Answers
bypriyanshamadhwal2
ย 
Top 20 DevSecOps Interview Questions.pdf
byinfosec train
ย 
Top 20 DevSecOps Interview Questions.pdf
byinfosec train
ย 

Recently uploaded

PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
ย 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
ย 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
ย 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
ย 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
ย 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
ย 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
ย 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
ย 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
ย 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
ย 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
ย 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
ย 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
ย 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
ย 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
ย 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
ย 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
ย 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
ย 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
ย 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
ย 
apidays Paris 2025 | Building Agentic Workflows
byapidays
ย 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
ย 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
ย 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
ย 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
ย 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
ย 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
ย 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
ย 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
ย 
PPTX game guess the logo with a twistppt
byAdrianAnig
ย 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
ย 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
ย 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
ย 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
ย 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
ย 
Celonis Optimizing your future with process
bydevjeremyappleyard
ย 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
ย 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
ย 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
ย 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
ย 

DevOps

  • 1.
  • 2.
    A Well RoundedDevOps Team QA Testing Operatio Develop
  • 3.
    Continuous Integration (CI) ๏‚šMergingthe development branches together (master branch) ๏‚šMust successfully pass a series of tests
  • 4.
    Continuous Delivery (CD) ๏‚šDeployingsmall changes more often ๏‚šAutomated delivery of updates
  • 5.
    Deployment Pipeline Stages Build& Automate CI Test Automation Deploy Automation Components Visibility Feedback Continuously Deploy
  • 6.
    DevSecOps Manifesto ๏‚š Leaningin over Always Saying โ€œNoโ€ ๏‚š Data & Security Science over Fear, Uncertainty and Doubt ๏‚š Open Contribution & Collaboration over Security-Only Requirements ๏‚š Consumable Security Services with APIs over Mandated Security Controls & Paperwork ๏‚š Business Driven Security Scores over Rubber Stamp Security ๏‚š Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities ๏‚š 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident ๏‚š Shared Threat Intelligence over Keeping Info to Ourselves ๏‚š Compliance Operations over Clipboards & Checklists
  • 7.
    DevSecOps Integration ๏‚š 1.Prior to code being committed ๏‚š SAST that be run locally or integrated into an IDE ๏‚š 2. During CI ๏‚š Security checks can be issued via the jobs server ๏‚š Unit testing, abuse cases, SAST, and software component analysis (supply chain hygiene) ๏‚š 3. After a successful build ๏‚š Automatically and securely configure and provision servers ๏‚š Configuration management, DAST, security smoke tests ๏‚š 4. Post deployment ๏‚š Automated runtime asserts and compliance checks ๏‚š Automated correction ๏‚š Production monitoring/feedback
  • 8.
    Greenfield vs. Legacy ๏‚šGreenfield Environment /Applications ๏‚š Do it right from the start! ๏‚š Legacy Applications ๏‚š Start with vulnerability & risk assessment ๏‚š Apply patches to remediate all vulnerabilities that donโ€™t require major design changes ๏‚š Integrate automated security testing in future releases when possible ๏‚š Rebuilding / Sunsetting ๏‚š Consider breaking out individual components one at a time, where possible, instead of a hard cutover ๏‚š New system should be following secure architecture principles and integrate security throughout the SDLC