SlideShare a Scribd company logo

Scania's DevSecOps approach - Gamifying Security - auto:CODE

Download as PPTX, PDF
Anders Lundsgård
Anders Lundsgård

Presentation about Cloud Security at Scania 2019. At the yearly auto:CODE we.CONECT conference in Berlin. What needs have drive the Cloud movement and how to further improve agility with empowered feature teams that securely work autonomous in AWS Cloud.

Presentations & Public Speaking
1 of 25
Scania’s DevSecOps Approach – Gamifying Security in the Cloud ANDERS LUNDSGÅRD, BERLIN – 2019-11-28
Scania Cloud Adoption – Security Team Anders Lundsgård Senior Engineer @ CS Delivery Engineering Cloud Engineer/Architect @ Scania Cloud Adoption @anderslundsgard
Disclaimer There is no official Scania “DevSecOps manifest definition”. DevSecOps in this presentation is only one view of DevSecOps. Based on the presenters experience in building, deploying and operating software in a secure way.
in the early days… More features quicker Stability
in the early days… Stability This is me today
• 3-8 people • Requirements • Technologies • Quality • Deployment • Monitoring • Operations 6 Autonomous Teams that fully own their services
7
Zero Downtime Enables engineers to be present when their code goes live
Deploy != Release Feature Team Concern Business Decision
Remove Handovers Avoid sub optimize in organizational silos
Deploy frequency - Scania Connected Services • 2015 – Agile teams • 12 deploys per year • 2016 – Autonomous Teams • Continuous Delivery • 30+ Prod deploys per day • 2011 – Software projects • 2-3 in parallel • 3 deploys per year 1. Microservice Architecture 2. Challenged and improved infra related processes 3. Trust and courage from management Continuous Integration Infrastructure changes NOT included
Cloud Adoption 20162014 Cloud First 2019 Cloud Only (For new initiatives) Cloud Native
Innovation Global Reach Security Cost Speed
1000+ Engineers and 400+ AWS accounts = Feature TeamFT DE = Delivery Engineering (Cloud Satellite) DE FT FT FT FT FT FT FT FT DE FT FT FT FT FT DE FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT FT Multiple other departments co-located in same building Cloud Adoption (~10 engineers) Dev-teams that move to “DevOps”-teams with no investment tend to struggle in their cloud journey
Greenfield AWS setup Version Control cloud enabled AWS multi account strategy Immutable infrastructure In each Feature Team! Read Only in Prod for human beings NO CLOUD OPS
VIDEO https://dreambroker.com/channel/td4z2vr3/ovxsnico
Cloud Security Team - Mission Increase organizational awareness of Cloud security through education, visualization and communication. Creating a risk aware culture that makes continuous security compliance everyone’s responsibility.
Cloud Security Team - Principles Gamifying Security Get out from the cave Don’t just say “NO” Ubiquitous encryption Cloud Native Security Share failures
Security JAM 2019 Scania Cloud Adoption – 4th of June 2019 Scania Cloud Security
21
Winning team
Security smells trend (May  November) Hand picked cloud accounts with low security posture New positive trend! Weekly security email
25 Thank You! Anders Lundsgård @anderslundsgard https://devops.vision

Recommended

DevOps journey at Scania - Visiting Migrationsverket
DevOps journey at Scania - Visiting MigrationsverketDevOps journey at Scania - Visiting Migrationsverket
DevOps journey at Scania - Visiting Migrationsverket
Anders Lundsgård
 
The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017
The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017
The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017
Anders Lundsgård
 
Cloud @ Scania - Södertälje Science Week
Cloud @ Scania - Södertälje Science WeekCloud @ Scania - Södertälje Science Week
Cloud @ Scania - Södertälje Science Week
Anders Lundsgård
 
The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...
The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...
The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...
Anders Lundsgård
 
The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...
The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...
The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...
Anders Lundsgård
 
Cloud summit 2019 - Scania
Cloud summit 2019 - ScaniaCloud summit 2019 - Scania
Cloud summit 2019 - Scania
Mattias Järnhäll
 
The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018
The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018 The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018
The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018
Anders Lundsgård
 
BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...
BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...
BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...
Anders Lundsgård
 

Recommended

DevOps journey at Scania - Visiting Migrationsverket
DevOps journey at Scania - Visiting MigrationsverketDevOps journey at Scania - Visiting Migrationsverket
DevOps journey at Scania - Visiting Migrationsverket
Anders Lundsgård
 
The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017
The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017
The DevOps journey in an Enterprise - CoDe-Conf. Stockholm September 14, 2017
Anders Lundsgård
 
Cloud @ Scania - Södertälje Science Week
Cloud @ Scania - Södertälje Science WeekCloud @ Scania - Södertälje Science Week
Cloud @ Scania - Södertälje Science Week
Anders Lundsgård
 
The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...
The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...
The Cloud journey in an Enterprise - Delivery of Things World - Berlin April ...
Anders Lundsgård
 
The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...
The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...
The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ...
Anders Lundsgård
 
Cloud summit 2019 - Scania
Cloud summit 2019 - ScaniaCloud summit 2019 - Scania
Cloud summit 2019 - Scania
Mattias Järnhäll
 
The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018
The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018 The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018
The Cloud Journey in an Enterprise - CoDe-Conf - Copenhagen October 11, 2018
Anders Lundsgård
 
BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...
BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...
BizDevOps Transformation, Metrics and Microservices at Scania, June 2017 in L...
Anders Lundsgård
 
The DevOps Journey in an Enterprise - DOES 2021
The DevOps Journey in an Enterprise - DOES 2021The DevOps Journey in an Enterprise - DOES 2021
The DevOps Journey in an Enterprise - DOES 2021
Anders Lundsgård
 
DevOps @ Scania - Perforce on Tour, Berlin 2015
DevOps @ Scania - Perforce on Tour, Berlin 2015DevOps @ Scania - Perforce on Tour, Berlin 2015
DevOps @ Scania - Perforce on Tour, Berlin 2015
Anders Lundsgård
 
Embedding a Shift Left Culture in your Enterprise
Embedding a Shift Left Culture in your EnterpriseEmbedding a Shift Left Culture in your Enterprise
Embedding a Shift Left Culture in your Enterprise
Gerald Bachlmayr
 
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
Anders Lundsgård
 
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
Anders Lundsgård
 
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
VMware Tanzu
 
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
VMware Tanzu
 
Containers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy WorkloadsContainers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy Workloads
Oscar Renalias
 
Devops with Alibaba Cloud
Devops with Alibaba CloudDevops with Alibaba Cloud
Devops with Alibaba Cloud
gavaskar s
 
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
Anders Lundsgård
 
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
Anders Lundsgård
 
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar VenugopalanAgile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
India Scrum Enthusiasts Community
 
Integrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD PipelineIntegrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD Pipeline
DevOps Indonesia
 
Agile Tour Chennai 2015: Nexus - SRV Subrahmaniam
Agile Tour Chennai 2015: Nexus - SRV SubrahmaniamAgile Tour Chennai 2015: Nexus - SRV Subrahmaniam
Agile Tour Chennai 2015: Nexus - SRV Subrahmaniam
India Scrum Enthusiasts Community
 
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRECloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Sanjeev Sharma
 
Containers at Netflx - An Evolving Story QConSF2015
Containers at Netflx - An Evolving Story QConSF2015Containers at Netflx - An Evolving Story QConSF2015
Containers at Netflx - An Evolving Story QConSF2015
Sangeeta Narayanan
 
50 production deployments a day, at least
50 production deployments a day, at least50 production deployments a day, at least
50 production deployments a day, at least
Oscar Renalias
 
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Vimal Suba
 
Serverless & Serverless Devops: Scaling Together
Serverless & Serverless Devops: Scaling TogetherServerless & Serverless Devops: Scaling Together
Serverless & Serverless Devops: Scaling Together
AaronLieberman5
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should know
Impressico Business Solutions
 
From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native JourneyFrom COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
Ferhat Yildiz
 
Resume
ResumeResume
Resume
Md Zahir Uddin
 

More Related Content

What's hot

The DevOps Journey in an Enterprise - DOES 2021
The DevOps Journey in an Enterprise - DOES 2021The DevOps Journey in an Enterprise - DOES 2021
The DevOps Journey in an Enterprise - DOES 2021
Anders Lundsgård
 
DevOps @ Scania - Perforce on Tour, Berlin 2015
DevOps @ Scania - Perforce on Tour, Berlin 2015DevOps @ Scania - Perforce on Tour, Berlin 2015
DevOps @ Scania - Perforce on Tour, Berlin 2015
Anders Lundsgård
 
Embedding a Shift Left Culture in your Enterprise
Embedding a Shift Left Culture in your EnterpriseEmbedding a Shift Left Culture in your Enterprise
Embedding a Shift Left Culture in your Enterprise
Gerald Bachlmayr
 
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
Anders Lundsgård
 
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
Anders Lundsgård
 
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
VMware Tanzu
 
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
VMware Tanzu
 
Containers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy WorkloadsContainers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy Workloads
Oscar Renalias
 
Devops with Alibaba Cloud
Devops with Alibaba CloudDevops with Alibaba Cloud
Devops with Alibaba Cloud
gavaskar s
 
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
Anders Lundsgård
 
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
Anders Lundsgård
 
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar VenugopalanAgile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
India Scrum Enthusiasts Community
 
Integrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD PipelineIntegrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD Pipeline
DevOps Indonesia
 
Agile Tour Chennai 2015: Nexus - SRV Subrahmaniam
Agile Tour Chennai 2015: Nexus - SRV SubrahmaniamAgile Tour Chennai 2015: Nexus - SRV Subrahmaniam
Agile Tour Chennai 2015: Nexus - SRV Subrahmaniam
India Scrum Enthusiasts Community
 
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRECloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Sanjeev Sharma
 
Containers at Netflx - An Evolving Story QConSF2015
Containers at Netflx - An Evolving Story QConSF2015Containers at Netflx - An Evolving Story QConSF2015
Containers at Netflx - An Evolving Story QConSF2015
Sangeeta Narayanan
 
50 production deployments a day, at least
50 production deployments a day, at least50 production deployments a day, at least
50 production deployments a day, at least
Oscar Renalias
 
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Vimal Suba
 
Serverless & Serverless Devops: Scaling Together
Serverless & Serverless Devops: Scaling TogetherServerless & Serverless Devops: Scaling Together
Serverless & Serverless Devops: Scaling Together
AaronLieberman5
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should know
Impressico Business Solutions
 

What's hot (20)

The DevOps Journey in an Enterprise - DOES 2021
The DevOps Journey in an Enterprise - DOES 2021The DevOps Journey in an Enterprise - DOES 2021
The DevOps Journey in an Enterprise - DOES 2021
 
DevOps @ Scania - Perforce on Tour, Berlin 2015
DevOps @ Scania - Perforce on Tour, Berlin 2015DevOps @ Scania - Perforce on Tour, Berlin 2015
DevOps @ Scania - Perforce on Tour, Berlin 2015
 
Embedding a Shift Left Culture in your Enterprise
Embedding a Shift Left Culture in your EnterpriseEmbedding a Shift Left Culture in your Enterprise
Embedding a Shift Left Culture in your Enterprise
 
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
The DevOps Journey in an Enterprise, Scania - Delivery Of Things World 2017
 
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
An agile journey - Scania Connected Services at Meetup Go Agile - Stockholm (...
 
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
Costruire Applicazioni Cloud-Native con Spring Boot (Pivotal Cloud-Native Wor...
 
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...
 
Containers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy WorkloadsContainers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy Workloads
 
Devops with Alibaba Cloud
Devops with Alibaba CloudDevops with Alibaba Cloud
Devops with Alibaba Cloud
 
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
The DevOps journey in an Enterprise - Continuous Lifecycle London 2016
 
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
The DevOps journey in an Enterprise - Scania @ Swisscom software day 2016
 
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar VenugopalanAgile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
Agile Tour Pune 2015: Dev-ops- niche or mainstream: Bhaskar Venugopalan
 
Integrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD PipelineIntegrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD Pipeline
 
Agile Tour Chennai 2015: Nexus - SRV Subrahmaniam
Agile Tour Chennai 2015: Nexus - SRV SubrahmaniamAgile Tour Chennai 2015: Nexus - SRV Subrahmaniam
Agile Tour Chennai 2015: Nexus - SRV Subrahmaniam
 
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRECloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
Cloud expo 2018: From Apollo 13 to Google SRE - When DevOps meets SRE
 
Containers at Netflx - An Evolving Story QConSF2015
Containers at Netflx - An Evolving Story QConSF2015Containers at Netflx - An Evolving Story QConSF2015
Containers at Netflx - An Evolving Story QConSF2015
 
50 production deployments a day, at least
50 production deployments a day, at least50 production deployments a day, at least
50 production deployments a day, at least
 
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
 
Serverless & Serverless Devops: Scaling Together
Serverless & Serverless Devops: Scaling TogetherServerless & Serverless Devops: Scaling Together
Serverless & Serverless Devops: Scaling Together
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should know
 

Similar to Scania's DevSecOps approach - Gamifying Security - auto:CODE

From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native JourneyFrom COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
Ferhat Yildiz
 
Resume
ResumeResume
Resume
Md Zahir Uddin
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
Derek E. Weeks
 
Cloud Computing Services
Cloud Computing ServicesCloud Computing Services
Cloud Computing Services
lavanyamohan45
 
The Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian CockcroftThe Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian Cockcroft
Dun & Bradstreet Cloud Innovation Center
 
7 flavours of devops implementation
7 flavours of devops implementation7 flavours of devops implementation
7 flavours of devops implementation
Aspire Systems
 
A Quick Introduction to Microsoft Azure Public Cloud
A Quick Introduction to Microsoft Azure Public CloudA Quick Introduction to Microsoft Azure Public Cloud
A Quick Introduction to Microsoft Azure Public Cloud
ZNetLive
 
Tech Talk - Cloud Transformation in 2017
Tech Talk - Cloud Transformation in 2017Tech Talk - Cloud Transformation in 2017
Tech Talk - Cloud Transformation in 2017
Alex Rhea
 
Matias Creimerman - Cloud migration and modernization effort
Matias Creimerman - Cloud migration and modernization effortMatias Creimerman - Cloud migration and modernization effort
Matias Creimerman - Cloud migration and modernization effort
Matias Creimerman
 
IaaS Cloud Providers: A comparative analysis
IaaS Cloud Providers: A comparative analysisIaaS Cloud Providers: A comparative analysis
IaaS Cloud Providers: A comparative analysis
Graisy Biswal
 
(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises
Amazon Web Services
 
SD-WAN_MoD.pptx for SD WAN networks connectivity
SD-WAN_MoD.pptx for SD WAN networks connectivitySD-WAN_MoD.pptx for SD WAN networks connectivity
SD-WAN_MoD.pptx for SD WAN networks connectivity
bayusch
 
Dedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 Networks
Dedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 NetworksDedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 Networks
Dedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 Networks
i2k2 Networks (P) Ltd.
 
POST GRADUATE PROGRAM IN CLOUD COMPUTING
POST GRADUATE PROGRAM IN CLOUD COMPUTINGPOST GRADUATE PROGRAM IN CLOUD COMPUTING
POST GRADUATE PROGRAM IN CLOUD COMPUTING
MamathaSharma4
 
cloudtoolsandcomputingwithcloudsssss.pptx
cloudtoolsandcomputingwithcloudsssss.pptxcloudtoolsandcomputingwithcloudsssss.pptx
cloudtoolsandcomputingwithcloudsssss.pptx
asraniyashika11
 
DevOps And Cloud Solutions
DevOps And Cloud SolutionsDevOps And Cloud Solutions
DevOps And Cloud Solutions
Mobiloitte Technologies
 
Applying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomesApplying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomes
Kartik Kanakasabesan
 
GOTO Berlin 2016
GOTO Berlin 2016GOTO Berlin 2016
GOTO Berlin 2016
Christian Deger
 
Présentation openstackinaction v1.2
Présentation openstackinaction v1.2Présentation openstackinaction v1.2
Présentation openstackinaction v1.2Regis Allegre
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201
Amazon Web Services
 

Similar to Scania's DevSecOps approach - Gamifying Security - auto:CODE (20)

From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native JourneyFrom COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey
 
Resume
ResumeResume
Resume
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 
Cloud Computing Services
Cloud Computing ServicesCloud Computing Services
Cloud Computing Services
 
The Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian CockcroftThe Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian Cockcroft
 
7 flavours of devops implementation
7 flavours of devops implementation7 flavours of devops implementation
7 flavours of devops implementation
 
A Quick Introduction to Microsoft Azure Public Cloud
A Quick Introduction to Microsoft Azure Public CloudA Quick Introduction to Microsoft Azure Public Cloud
A Quick Introduction to Microsoft Azure Public Cloud
 
Tech Talk - Cloud Transformation in 2017
Tech Talk - Cloud Transformation in 2017Tech Talk - Cloud Transformation in 2017
Tech Talk - Cloud Transformation in 2017
 
Matias Creimerman - Cloud migration and modernization effort
Matias Creimerman - Cloud migration and modernization effortMatias Creimerman - Cloud migration and modernization effort
Matias Creimerman - Cloud migration and modernization effort
 
IaaS Cloud Providers: A comparative analysis
IaaS Cloud Providers: A comparative analysisIaaS Cloud Providers: A comparative analysis
IaaS Cloud Providers: A comparative analysis
 
(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises
 
SD-WAN_MoD.pptx for SD WAN networks connectivity
SD-WAN_MoD.pptx for SD WAN networks connectivitySD-WAN_MoD.pptx for SD WAN networks connectivity
SD-WAN_MoD.pptx for SD WAN networks connectivity
 
Dedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 Networks
Dedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 NetworksDedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 Networks
Dedicated Web Hosting & Cloud Hosting Service Providers in India - i2k2 Networks
 
POST GRADUATE PROGRAM IN CLOUD COMPUTING
POST GRADUATE PROGRAM IN CLOUD COMPUTINGPOST GRADUATE PROGRAM IN CLOUD COMPUTING
POST GRADUATE PROGRAM IN CLOUD COMPUTING
 
cloudtoolsandcomputingwithcloudsssss.pptx
cloudtoolsandcomputingwithcloudsssss.pptxcloudtoolsandcomputingwithcloudsssss.pptx
cloudtoolsandcomputingwithcloudsssss.pptx
 
DevOps And Cloud Solutions
DevOps And Cloud SolutionsDevOps And Cloud Solutions
DevOps And Cloud Solutions
 
Applying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomesApplying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomes
 
GOTO Berlin 2016
GOTO Berlin 2016GOTO Berlin 2016
GOTO Berlin 2016
 
Présentation openstackinaction v1.2
Présentation openstackinaction v1.2Présentation openstackinaction v1.2
Présentation openstackinaction v1.2
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201
 

Recently uploaded

Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
IP ServerOne
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Matjaž Lipuš
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
Faculty of Medicine And Health Sciences
 
Media as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern EraMedia as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern Era
faizulhassanfaiz1670
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
Howard Spence
 
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
OECD Directorate for Financial and Enterprise Affairs
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Orkestra
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Sebastiano Panichella
 
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdfSupercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Access Innovations, Inc.
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Sebastiano Panichella
 
Gregory Harris' Civics Presentation.pptx
Gregory Harris' Civics Presentation.pptxGregory Harris' Civics Presentation.pptx
Gregory Harris' Civics Presentation.pptx
gharris9
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
Sebastiano Panichella
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
Access Innovations, Inc.
 
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
OWASP Beja
 
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
khadija278284
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
Vladimir Samoylov
 
María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024
eCommerce Institute
 

Recently uploaded (17)

Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
 
Media as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern EraMedia as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern Era
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
 
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
 
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdfSupercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
 
Gregory Harris' Civics Presentation.pptx
Gregory Harris' Civics Presentation.pptxGregory Harris' Civics Presentation.pptx
Gregory Harris' Civics Presentation.pptx
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
 
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
 
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
 
María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024
 

Scania's DevSecOps approach - Gamifying Security - auto:CODE

Editor's Notes

  1. Scania’s DevSecOps Approach – Gamifying Security in the Cloud Anders will share Scania’s journey to the Cloud. How we have transformed the organization and our strategies for enabling teams to work autonomous with building, shipping and securing their applications in AWS. Key Takeaways * Establishing Self-Sufficient, Autonomous Software Teams * Managing 100+ Teams and 400+ Accounts in The Cloud * How We Make Security Fun for Developers via Gamification * Security Is Everyone’s Job!
  2. Ops1: “Wait until Tuesdays CAB!” Dev1: “You must start to code and version your stuff” Dev2: “Use my repo. I’ll be contributing”
  3. Ops1: “Wait until Tuesdays CAB!” Dev1: “You must start to code and version your stuff” Dev2: “Use my repo. I’ll be contributing”
  4. 2+ servers (load balanced) No state on servers Live upgrade of Database schema
  5. 2+ servers (load balanced) No state on servers Live upgrade of Database schema
  6. Moved from software projects to agile teams and continuous integration. Even with continuous integration and agile teams it is hard to maintain a big codebase Also about 4 times more check-ins with the microservice architecture.
  7. Version Control hosted in cloud: VCS is like bread and butter: Free for everyone Enabled fully automation in AWS
  8. $en,Joanna$ Over 50 engineers participated in the security jam. $en,Joanna$ 13 teams with 4 engineers in each team.
  9. $en,Joanna$ Hello. This is a summary of the AWS Security Jam event hosted by AWS professional services and Scania Cloud Adoption.
  10. $en,Joanna$ The day started with a short introduction on how to register and get started with the Security Jam.
  11. $en,Joanna$ There were 10 challenges of various difficulty. Taking clues reduced the score for accomplish a challenge. $en,Joanna$ 6 hours of focused work ended up in, without doubt, amazing results.
  12. $en,Joanna$ Exciting to follow the scoreboard as the day progressed.