SlideShare a Scribd company logo

DevSecOps - The big picture

Stefan Streichsbier
Stefan Streichsbier

This document discusses the concepts of DevSecOps at a high level. It begins with a brief history of development methodologies, from Waterfall to Agile, and how Ops became a bottleneck. This led to trends in Agile Operations and collaboration between Dev and Ops, known as DevOps. DevSecOps expands this to incorporate security. It discusses the importance of culture, processes, and technologies for effective communication, automation, and collaboration across Dev, Ops, and Security. The goal is to enable organizations to deliver inherently secure software at DevOps speed through a high-trust environment and automated security pipelines integrated into the software development lifecycle.

Technology
1 of 31
Download to read offline
The big picture Culture, Processes and Technologies on a high level
Stefan Streichsbier Company: Vantage Point Twitter: @s_streichsbier Why?
A Brief History of DevOps
In the beginning there was… Source: https://www.flickr.com/photos/37186408@N05/12162302775
Waterfall • Long release cycles • A lot of “WIP” • Functional silos • Incredibly rigid
…then there was Agile Source: https://i.ytimg.com/vi/8Hedq2d1H44/maxresdefault.jpg
Agile • Shorter release cycles • Smaller batch sizes • Cross-functional teams • “Incredibly” agile
Suddenly Ops was the bottleneck
Agile Ops Anyone? 2 major related trends: 1. Agile Operations/Infrastructure 2. Collaboration between dev and ops Ultimately led to the first DevOpsDays in 2009…
So, what is DevOps? • Set of principles and practices for efficient communication and collaboration. (Culture) • Automated deployment pipeline. (Processes) • Supporting tool chain (Technologies)
”[…]it seems as though the problems are just between dev and ops, but test is in there, and you have security objectives. These are top-level concerns of Management […] and have become part of the DevOps picture. In other words, when you hear "DevOps" today, you should probably be thinking DevOpsQATestInfoSec." - Gene Kim
DevSecOps
Target State DevSecOps enables organisations to deliver inherently secure software at DevOps speed.
Security challenges in DevOps • It is clear why companies are moving to DevOps …but how can security keep up with this? Source: https://xebialabs.com/assets/files/whitepapers/ITRev_DevOps_Guide_5_2015.pdf
3 key categories of DevSecOps 1. Culture 2. Processes 3. Technologies
Culture
Culture • Communication and transparency • High-trust environment “blameless postmortem” • Continuous improvement • Everyone is responsible for security • Automate as much as possible • Everything as code
Culture: Open Space Ideas • How did your org switch to Dev(Sec)Ops? • Continuous Improvement (Kaizen) • What are you automating at the moment?
Processes
Processes 1. Secure SDLC 2. Security Pipelines
Processes: Secure SDLC 1. Training 2. Requirements 3. Architecture & Design 4. Coding 5. Testing 6. Deployment 7. Post Deployment
Processes: Sec Pipelines • Opt. critical resource • Reduce friction • Increase visibility • Each step repeatable • Drive up consistency
Security Pipelines
Processes: Open Space Ideas • How are you managing security requirements? • How are you building security into the SDLC? • AppSec Pipelines in the wild • ChatSecOps
TechnologiesDevOps is not supposed to be about “tools”
DevSecOps Technologies 1. Requirements 2. Code: IDE Plugins, SAST 3. Test: Gauntlt, *AST 4. Configure: Sec as Code 5. Maintenance: Patch Management 6. Monitor: Auditing, Attack visibility, RASP Warning about *AST
Technologies: Open Space Ideas • Scaling security requirements • TDD and security in testing • Which *AST technologies have you been using? • Experience with IDE Plugins • Environment management (Dev/Prod parity) • Configuration management (configuration drift) • Patch Management and deployment strategies (e.g. Phoenix)
Summary • DevSecOps enable organisations to deliver inherently secure software at DevOps speed.
Questions?
Inspirations • http://itrevolution.com/heres-how-the-amazing-twitter-infosec-team-helps-devops/ • http://techbeacon.com/devsecops-9-ways-devops-automation-bolster-security-compliance • https://www.checkmarx.com/2015/11/13/devsecops-4-best-practices-the-pros-teach-us-about- security-and-devops/ • http://www.slideshare.net/zanelackey/effective-approaches-to-web-application-security • http://searchdatacenter.techtarget.com/feature/How-to-adopt-a-successful-DevOps-enterprise • https://opensource.com/business/14/7/devops-red-hat • http://www.infoq.com/news/2014/03/etsy-deploy-50-times-a-day • http://www.slideshare.net/mtesauro/taking-appsec-to-11-appsec-pipeline-devops-and-making- things-better • https://www.owasp.org/index.php/OWASP_AppSec_Pipeline

Recommended

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...Mohamed Nizzad
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and HowNotSoSecure Global Services
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 

Recommended

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...Mohamed Nizzad
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and HowNotSoSecure Global Services
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsAmazon Web Services
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOpsDevOps Indonesia
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019NotSoSecure Global Services
 
DevSecOps
DevSecOpsDevSecOps
DevSecOpsJoel Divekar
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an IntroductionPrashanth B. P.
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsMichael Man
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle IntroductionCodeOps Technologies LLP
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsabhimanyubhogwan
 
DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsRed Gate Software
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introductionSridhara T V
 
DevOps Transformation: Learnings and Best Practices
DevOps Transformation: Learnings and Best PracticesDevOps Transformation: Learnings and Best Practices
DevOps Transformation: Learnings and Best PracticesQBurst
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introductionMettje Heegstra
 
DevOps
DevOps DevOps
DevOps Hakan Yüksel
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines Abdul_Mujeeb
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyJason Suttie
 

More Related Content

What's hot

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an IntroductionPrashanth B. P.
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsMichael Man
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsRed Gate Software
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introductionSridhara T V
 
DevOps Transformation: Learnings and Best Practices
DevOps Transformation: Learnings and Best PracticesDevOps Transformation: Learnings and Best Practices
DevOps Transformation: Learnings and Best PracticesQBurst
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines Abdul_Mujeeb
 

What's hot (20)

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle Introduction
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOps
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
 
DevOps Transformation: Learnings and Best Practices
DevOps Transformation: Learnings and Best PracticesDevOps Transformation: Learnings and Best Practices
DevOps Transformation: Learnings and Best Practices
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
 
DevOps
DevOps DevOps
DevOps
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
 

Viewers also liked

DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyJason Suttie
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...Amazon Web Services
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0Amazon Web Services
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
Implementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in JenkinsImplementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in JenkinsSuman Sourav
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon
 
Introduction to DevSecOps on AWS
Introduction to DevSecOps on AWSIntroduction to DevSecOps on AWS
Introduction to DevSecOps on AWSAmazon Web Services
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsZane Lackey
 
Infrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpsInfrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpskieranjacobsen
 
Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?Kris Buytaert
 
Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsAmazon Web Services
 
The Changing Landscape of Information Security
The Changing Landscape of Information SecurityThe Changing Landscape of Information Security
The Changing Landscape of Information SecurityDevSecOpsSg
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryDevSecCon
 
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareDevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareSeniorStoryteller
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
Renato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildRenato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildDevSecCon
 

Viewers also liked (20)

DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
 
Implementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in JenkinsImplementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in Jenkins
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
 
Introduction to DevSecOps on AWS
Introduction to DevSecOps on AWSIntroduction to DevSecOps on AWS
Introduction to DevSecOps on AWS
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOps
 
Infrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpsInfrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOps
 
Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?
 
Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOps
 
The Changing Landscape of Information Security
The Changing Landscape of Information SecurityThe Changing Landscape of Information Security
The Changing Landscape of Information Security
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application delivery
 
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareDevSecOps - Building Rugged Software
DevSecOps - Building Rugged Software
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017
 
Renato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildRenato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wild
 

Similar to DevSecOps - The big picture

Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24 webinar: Turning DevOps and security into DevSecOpsOutpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24 webinar: Turning DevOps and security into DevSecOpsOutpost24
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon
 
The Road to DevOps V3
The Road to DevOps V3The Road to DevOps V3
The Road to DevOps V3Ahmed Misbah
 
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016Inspectie van het Onderwijs
 
DevOps The Cultural revolution
DevOps The Cultural revolutionDevOps The Cultural revolution
DevOps The Cultural revolutionSomenath Ghosh
 
HouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from ScratchHouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from ScratchSpencer Koch
 
DevOps! What, Why and How?
DevOps! What, Why and How?DevOps! What, Why and How?
DevOps! What, Why and How?Omar Fathy
 
Introduction to DevSecOps OWASP Ahmedabad
Introduction to DevSecOps OWASP AhmedabadIntroduction to DevSecOps OWASP Ahmedabad
Introduction to DevSecOps OWASP Ahmedabadkunwaratul hax0r
 
You build it - Cyber Chicago Keynote
You build it - Cyber Chicago KeynoteYou build it - Cyber Chicago Keynote
You build it - Cyber Chicago KeynoteJohn Willis
 
What it feels like to live in a Security Enabled DevOps World
What it feels like to live in a Security Enabled DevOps WorldWhat it feels like to live in a Security Enabled DevOps World
What it feels like to live in a Security Enabled DevOps WorldKarun Chennuri
 
DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017James Strong
 
August 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringAugust 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringMichael Man
 
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...Daniel Bryant
 
Getting Started with DevOps
Getting Started with DevOpsGetting Started with DevOps
Getting Started with DevOpsAhmed Misbah
 
Blue Teaming on a Budget of Zero
Blue Teaming on a Budget of ZeroBlue Teaming on a Budget of Zero
Blue Teaming on a Budget of ZeroKyle Bubp
 
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAutomation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAppDynamics
 
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGroup
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 

Similar to DevSecOps - The big picture (20)

Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24 webinar: Turning DevOps and security into DevSecOpsOutpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24 webinar: Turning DevOps and security into DevSecOps
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
 
The Road to DevOps V3
The Road to DevOps V3The Road to DevOps V3
The Road to DevOps V3
 
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016
 
DevOps The Cultural revolution
DevOps The Cultural revolutionDevOps The Cultural revolution
DevOps The Cultural revolution
 
HouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from ScratchHouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from Scratch
 
DevOps! What, Why and How?
DevOps! What, Why and How?DevOps! What, Why and How?
DevOps! What, Why and How?
 
Introduction to DevSecOps OWASP Ahmedabad
Introduction to DevSecOps OWASP AhmedabadIntroduction to DevSecOps OWASP Ahmedabad
Introduction to DevSecOps OWASP Ahmedabad
 
You build it - Cyber Chicago Keynote
You build it - Cyber Chicago KeynoteYou build it - Cyber Chicago Keynote
You build it - Cyber Chicago Keynote
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source Way
 
What it feels like to live in a Security Enabled DevOps World
What it feels like to live in a Security Enabled DevOps WorldWhat it feels like to live in a Security Enabled DevOps World
What it feels like to live in a Security Enabled DevOps World
 
1st Riga DevOps meetup
1st Riga DevOps meetup1st Riga DevOps meetup
1st Riga DevOps meetup
 
DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017
 
August 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringAugust 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London Gathering
 
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
 
Getting Started with DevOps
Getting Started with DevOpsGetting Started with DevOps
Getting Started with DevOps
 
Blue Teaming on a Budget of Zero
Blue Teaming on a Budget of ZeroBlue Teaming on a Budget of Zero
Blue Teaming on a Budget of Zero
 
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAutomation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
 
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 

More from Stefan Streichsbier

DevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogDevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogStefan Streichsbier
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019Stefan Streichsbier
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonStefan Streichsbier
 
State of DevSecOps - DevOpsDays Jakarta 2019
State of DevSecOps - DevOpsDays Jakarta 2019State of DevSecOps - DevOpsDays Jakarta 2019
State of DevSecOps - DevOpsDays Jakarta 2019Stefan Streichsbier
 
Security and Mobility Co Create Week Jakarta
Security and Mobility Co Create Week JakartaSecurity and Mobility Co Create Week Jakarta
Security and Mobility Co Create Week JakartaStefan Streichsbier
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Stefan Streichsbier
 
Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Stefan Streichsbier
 
A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...
A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...
A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...Stefan Streichsbier
 
Null application security in an agile world
Null application security in an agile worldNull application security in an agile world
Null application security in an agile worldStefan Streichsbier
 
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Stefan Streichsbier
 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016Stefan Streichsbier
 
DevSecOps Singapore introduction
DevSecOps Singapore introductionDevSecOps Singapore introduction
DevSecOps Singapore introductionStefan Streichsbier
 

More from Stefan Streichsbier (15)

DevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogDevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together Log
 
The Future of DevSecOps
The Future of DevSecOpsThe Future of DevSecOps
The Future of DevSecOps
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019
 
State of DevSecOps - GTACS 2019
State of DevSecOps - GTACS 2019State of DevSecOps - GTACS 2019
State of DevSecOps - GTACS 2019
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} Hackathon
 
State of DevSecOps - DevOpsDays Jakarta 2019
State of DevSecOps - DevOpsDays Jakarta 2019State of DevSecOps - DevOpsDays Jakarta 2019
State of DevSecOps - DevOpsDays Jakarta 2019
 
Security and Mobility Co Create Week Jakarta
Security and Mobility Co Create Week JakartaSecurity and Mobility Co Create Week Jakarta
Security and Mobility Co Create Week Jakarta
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3
 
Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018
 
A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...
A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...
A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...
 
Null application security in an agile world
Null application security in an agile worldNull application security in an agile world
Null application security in an agile world
 
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016
 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016
 
DevSecOps Singapore introduction
DevSecOps Singapore introductionDevSecOps Singapore introduction
DevSecOps Singapore introduction
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

DevSecOps - The big picture

Editor's Notes

  1. Architecting Enterprise wide security programs Integrating security activities into the SDLC Achieving security at DevOps speed How many have been at the devopsdays singapore last year?
  2. Us security guys typically only mingle in dedicated security meetups and conferences and talk about the latest way of how to break stuff, but as most of my work is spent in development teams I really enjoy the conversations with people that build software and I don’t just mean devs. So when I heard that devopsdays are being hosted in Singapore I was very excited, their line up of speakers was fantastic we even had John Willis giving a keynote. As with every DevOpsDays conference the whole afternoon was dedicated to openspace topics and I was really keen to know about others are integrating security into agile and devops. The topic was eventually selected and I counted 40+ people that joined the session. And even though we had some people share their experiences, what really struck me was the fact that so many people were genuinely interested in how to integrate security but there weren’t many concrete answers given. So that’s why, in the spirit of devops, I wanted to contribute to the community and created devsecops to achieve exactly that. Find solutions that help create secure applications at the speed of DevOps.
  3. WIP: Work that you have started, but that isn’t completed yet.
  4. Infrastructure wasn’t able to deal with rapid changes coming out of production
  5. Understanding of the value of throughout SDLC And since then has spread around the globe.
  6. Starts with agile, but goes well beyond Amplify Feedback loops
  7. And everyone’s job is to enable the business!
  8. In fact, many believe that it’s not a matter of if your company is adopting devops, but when. This is quite interesting because devXops is still evolving.especially in the area of devSecOps. The exciting thing is that DevSecOps is still very young and great new ideas of how to improve things are being discovered daily. Every single conversation we have can push the envelope.
  9. “DevOps works because dev and ops teams understand each other better and can make more informed decisions. Rather than solving problems in silos, they’re solving for the stream of activity and the goal. If you show DevOps teams how security can make them better, then as a reciprocation they tend to ask, “Well, are there any choices we make that would make your life easier?”   Companies like the Etsy online marketplace have also demonstrated that providing an environment in which it's safe to talk about failure makes it much more likely that problems are discovered early and information gets shared more quickly and more widely. Josh is talking about how the culture of transparency and sharing information between teams has allowed the development and operations teams to better understand where the other team is coming from – allowing everyone to be on the same page. Especially in an environment where speed is of utmost importance, knowing exactly what is going on at any given time is going to be essential for the health of organization as a whole.   Transparency is an essential part of the DevSecOps world, and security processes and monitoring has to be seen by all stakeholders if it is going to thrive in a DevOps world. See more at: https://www.checkmarx.com/2015/11/13/devsecops-4-best-practices-the-pros-teach-us-about-security-and-devops/?utm_content=buffer04d69&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer#sthash.mRgdPnKn.dpuf
  10. You don’t start with
  11. Everyone is responsible for security, make it easy to “win”
  12. In order to deliver inherently secure applications at devops speed, we need to have team members that embrace security. Failing unit tests
  13. Fix things quickly. Metrics An AppSec Pipelines takes the principles of DevOps and Lean and applies that to an application security program.
  14. We could probably spend the next 6 sessions talking about this alone
  15. You don’t start with
  16. A quick word on *AST, only covers about 50% of the potential findings. It’s important to understand what they can identify and what they can’t. (RUNTIME APPLICATION SELF-PROTECTION)
  17. You don’t start with
  18. So in order for devsecops to live up to its full potential and enable organisations to deliver inherently secure software at devops speed, Culture, Processes and Technologies have to come together as one towards the same goal. Thank you