MM
Uploaded byMichael Man
PPTX, PDF262 views

DevSecOps Manchester - May 2019

This document discusses plans for a DevSecOps meetup event in London in May 2019. It provides information on organizing the event including finding venues, speakers, and sponsors. It also lists related DevSecOps groups and conferences. At the end, it announces an anniversary event in September 2019 and provides initial details on speakers and topics.

Embed presentation

Download to read offline
DevSecOps – London Gathering May 2019
THE JOURNEY … • Venue (s) • Do you need support from vendors • Speakers • What content • Defining a theme • Recordings; Streaming • Give-aways (not prizes) • Format of meetup • How long • Networking • Collaboration
WAYS TO STAY IN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/company/devsecops-london-gathering https://github.com/DevSecOps-LondonGathering https://www.youtube.com/channel/UCR4oVMkRjNN2OQaWMiBcfJA
SLIDES & REFERENCES https://www.vr-security.com/references https://www.vr-security.com/presentations
SHOUT OUT *** Meetups *** OWASP London Chapter www.meetup.com/OWASP-London/ OWASP WIA www.meetup.com/womeninappsec/ DevSecOps Manchester www.meetup.com/DevSecOps-Manchester/ DevSecOps – Netherlands www.meetup.com/DevSecOps-Netherlands/ LLHS www.meetup.com/LLHS-Ladies-of-London-Hacking-Society/ *** Technology Specific *** Istio London www.meetup.com/Istio-London/ Kubernetes London www.meetup.com/Kubernetes-London/ Threat Modeling www.meetup.com/The-Threat-Modeling-Meetup/ Docker London www.meetup.com/Docker-London/
SHOUT OUT *** Conferences *** DevSecCon London https://www.devseccon.com/london-2019/ Open Security Summit https://open-security-summit.org/ Bsides London https://www.securitybsides.org.uk/
DEVSECOPS – LONDON GATHERING ANNIVERSARY EVENT 2019 Date: Wednesday 11th September Venue: Near St Paul’s Speakers so far: • Dr. Helen Thackray Topics: • Rounding up a few vendors to show us how they conduct secure development. • Playing back what hiring has been like the last year. Sponsorship/Support so far:
DevSecOps – People & Culture • Break down the silo; no change here, just like the original DevOps movement • Not aware of what is going on – likely you are not part of the “DevSecOps” team; leave your ivory tower and build relationships • Conduct a Value Stream Mapping exercise to optimize your delivery (rinse and repeat) • Drill down and sketch out the details of each workflow before solutionising • Try new checks/controls as part of the pipeline
IDE Static Code Analysis SCM Dynamic Analysis Open Source Software Security Security Testing Framework Binary Repository Define Security Test CasesThreat Modeling Security Standards Automation Tools: Passing Criteria Risk Management Out of Band Security Testing Security Champions DevSecOps Engineer Security Audit Artifacts CI Build Server DevSecOps – Tooling & Assurance Examples (May 2019) curl nmap sslyze sqlmap Interactive Testing Infrastructure Assurance Threat Modeling Container Security
Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Updated: May 2019 Container Security Infrastructure Scanning

More Related Content

PPTX
Apereo portlet showcase 2017
byBenito Gonzalez
 
PDF
Getting Started with SharePoint solutions and GitHub
byLaurent Sittler
 
PPTX
Extract: DevSecOps - London Gathering (March 2019)
byMichael Man
 
PDF
IAN Stack: Ionic, Angular and Nest.js
byFyodorL
 
PDF
How to Grow and Measure Your API Program - I ♥ APIs 2015
byAndrew Mager
 
PPTX
Devoxx 2016 Using Jenkins, Gerrit and Spark for Continuous Delivery Analytics
byLuca Milanesio
 
PDF
Leaflet-IIIF: Plugins and Extensibility with IIIF
byIIIF_io
 
PDF
Waltz-Controls presentation for Canadian Light Source
byIgor Khokhryakov
 
Apereo portlet showcase 2017
byBenito Gonzalez
 
Getting Started with SharePoint solutions and GitHub
byLaurent Sittler
 
Extract: DevSecOps - London Gathering (March 2019)
byMichael Man
 
IAN Stack: Ionic, Angular and Nest.js
byFyodorL
 
How to Grow and Measure Your API Program - I ♥ APIs 2015
byAndrew Mager
 
Devoxx 2016 Using Jenkins, Gerrit and Spark for Continuous Delivery Analytics
byLuca Milanesio
 
Leaflet-IIIF: Plugins and Extensibility with IIIF
byIIIF_io
 
Waltz-Controls presentation for Canadian Light Source
byIgor Khokhryakov
 

More from Michael Man

PPTX
5 things i wish i knew about sast (DSO-LG July 2021)
byMichael Man
 
PDF
K8S Certifications - Exam Cram
byMichael Man
 
PDF
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
byMichael Man
 
PDF
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
byMichael Man
 
PPTX
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
byMichael Man
 
PPTX
Extract Oct 2019: DSO-LG Rolling Slides
byMichael Man
 
PPTX
Sept 2019 - DSO-LG Tooling Examples
byMichael Man
 
PDF
Chris Rutter: Avoiding The Security Brick
byMichael Man
 
PDF
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
byMichael Man
 
PDF
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
byMichael Man
 
PDF
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
byMichael Man
 
PDF
August 2018: DevSecOps - London Gathering
byMichael Man
 
PPTX
DevSecOps - London Gathering : June 2018
byMichael Man
 
PDF
Continuous Security: From tins to containers - now what!
byMichael Man
 
PDF
The mechanics behind how attackers exploit simple programming mistakes ...
byMichael Man
 
PDF
Secret Management Journey - Here Be Dragons aka Secret Dragons
byMichael Man
 
PPTX
DevSecOps March 2018 - Extract
byMichael Man
 
PDF
DevSecOps The Evolution of DevOps
byMichael Man
 
PDF
Dynaminet -DevSecOps
byMichael Man
 
PPTX
DevSecOps: Test Automation
byMichael Man
 
5 things i wish i knew about sast (DSO-LG July 2021)
byMichael Man
 
K8S Certifications - Exam Cram
byMichael Man
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
byMichael Man
 
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
byMichael Man
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
byMichael Man
 
Extract Oct 2019: DSO-LG Rolling Slides
byMichael Man
 
Sept 2019 - DSO-LG Tooling Examples
byMichael Man
 
Chris Rutter: Avoiding The Security Brick
byMichael Man
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
byMichael Man
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
byMichael Man
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
byMichael Man
 
August 2018: DevSecOps - London Gathering
byMichael Man
 
DevSecOps - London Gathering : June 2018
byMichael Man
 
Continuous Security: From tins to containers - now what!
byMichael Man
 
The mechanics behind how attackers exploit simple programming mistakes ...
byMichael Man
 
Secret Management Journey - Here Be Dragons aka Secret Dragons
byMichael Man
 
DevSecOps March 2018 - Extract
byMichael Man
 
DevSecOps The Evolution of DevOps
byMichael Man
 
Dynaminet -DevSecOps
byMichael Man
 
DevSecOps: Test Automation
byMichael Man
 

Recently uploaded

PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
DOCX
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
PDF
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PPTX
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 

DevSecOps Manchester - May 2019

  • 1.
    DevSecOps – LondonGathering May 2019
  • 2.
    THE JOURNEY … •Venue (s) • Do you need support from vendors • Speakers • What content • Defining a theme • Recordings; Streaming • Give-aways (not prizes) • Format of meetup • How long • Networking • Collaboration
  • 3.
    WAYS TO STAYIN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/company/devsecops-london-gathering https://github.com/DevSecOps-LondonGathering https://www.youtube.com/channel/UCR4oVMkRjNN2OQaWMiBcfJA
  • 4.
  • 5.
    SHOUT OUT *** Meetups*** OWASP London Chapter www.meetup.com/OWASP-London/ OWASP WIA www.meetup.com/womeninappsec/ DevSecOps Manchester www.meetup.com/DevSecOps-Manchester/ DevSecOps – Netherlands www.meetup.com/DevSecOps-Netherlands/ LLHS www.meetup.com/LLHS-Ladies-of-London-Hacking-Society/ *** Technology Specific *** Istio London www.meetup.com/Istio-London/ Kubernetes London www.meetup.com/Kubernetes-London/ Threat Modeling www.meetup.com/The-Threat-Modeling-Meetup/ Docker London www.meetup.com/Docker-London/
  • 6.
    SHOUT OUT *** Conferences*** DevSecCon London https://www.devseccon.com/london-2019/ Open Security Summit https://open-security-summit.org/ Bsides London https://www.securitybsides.org.uk/
  • 7.
    DEVSECOPS – LONDONGATHERING ANNIVERSARY EVENT 2019 Date: Wednesday 11th September Venue: Near St Paul’s Speakers so far: • Dr. Helen Thackray Topics: • Rounding up a few vendors to show us how they conduct secure development. • Playing back what hiring has been like the last year. Sponsorship/Support so far:
  • 8.
    DevSecOps – People& Culture • Break down the silo; no change here, just like the original DevOps movement • Not aware of what is going on – likely you are not part of the “DevSecOps” team; leave your ivory tower and build relationships • Conduct a Value Stream Mapping exercise to optimize your delivery (rinse and repeat) • Drill down and sketch out the details of each workflow before solutionising • Try new checks/controls as part of the pipeline
  • 9.
    IDE Static Code Analysis SCM Dynamic Analysis OpenSource Software Security Security Testing Framework Binary Repository Define Security Test CasesThreat Modeling Security Standards Automation Tools: Passing Criteria Risk Management Out of Band Security Testing Security Champions DevSecOps Engineer Security Audit Artifacts CI Build Server DevSecOps – Tooling & Assurance Examples (May 2019) curl nmap sslyze sqlmap Interactive Testing Infrastructure Assurance Threat Modeling Container Security
  • 10.
    Dev Workstation BuildServer Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Updated: May 2019 Container Security Infrastructure Scanning