Recommended
More Related Content
What's hot
What's hot (20)
Similar to Shift Left Security: Development Does Not Want to Own It.
Similar to Shift Left Security: Development Does Not Want to Own It. (20)
More from Aggregage
More from Aggregage (20)
Recently uploaded
Recently uploaded (20)
Shift Left Security: Development Does Not Want to Own It.
- 1. Shift Left Security? Development Does Not Want to Own It. Shlomo Bielak George Davis With: With: TO USE YOUR COMPUTER'S AUDIO: When the webinar begins, you will be connected to audio using your computer's microphone and speakers (VoIP). A headset is recommended. Webinar will begin: 11:00 am, PST TO USE YOUR TELEPHONE: If you prefer to use your phone, you must select "Use Telephone" after joining the webinar and call in using the numbers below. United States: +1 (213) 929-4212 Access Code: 255-485-743 Audio PIN: Shown after joining the webinar --OR--
- 2. 2 For over 30 years, Trend Micro’s unwavering vision has been to make the world safe for exchanging digital information. Security is our entire focus, and it shows. This single-minded passion has inspired our innovations that keep up with the bad guys despite a changing IT landscape, riskier user behavior, and constantly evolving threats. The depth of our experience remains unmatched. From the endpoint to the network to the cloud, we’ve got you covered with a connected threat defense recognized by analysts, customers, and industry gurus of all kinds. Our seamless protection for your mission-critical environments doesn’t just happen. We have developed deep relationships and partnered with industry leaders that you can trust. Our security is optimized for leading environments, platforms, and applications that are needed to maximize protection and performance.
- 3. 3 Click on the Questions panel to interact with the presenters https://www.informationmanagementtoday.com/frs/14625244/shift-left-security-- development-does-not-want-to-own-it-
- 4. 4 About Shlomo Bielak Shlomo, Benchmark Corp’s CTO is building expertise to shift global markets in understanding how to make a transformational initiative scale without heroics. His experience and thought leadership coupled with his talented engineering effectiveness department are creating never-before-seen solutions for Multi-Cloud, DevOps, DevSecOps, and enabling continuous deployment to production for the enterprise. A rich and responsive customer experience. About George Davis George is a DevOps and Cloud expert at Trend Micro. He works closely with Trend Micro’s customers and partners to build layers of security into every step of their CI/CD pipeline. His experience working in Dev, Test, Ops and Security helps customers to connect the dots, deliver continuously, and iterate often while maintaining a healthy security posture. He primarily focuses on Cloud One - Trend Micro's Security Services platform for the Cloud, securing application runtime, container/server/serverless workloads and overall, better management of governance, risk and compliance in the Cloud.
- 5. Applying Shift Left Go Tri-Centric George Davis – Trend Shlomo Bielak – Benchmark Corp Benchmark Confidential
- 6. THIS IS COMPLEX & FAILS BUY ANOTHER COMPANY - HARDER THIS IS FUN Dev-Centric Works! ENTERPRISE Sell ‘X’ to customers STARTUP Sell ‘X’ to customers DELIVER CODE FAST – CHANGE NPS Brand SLA Regulatory / Security Code drop Code drop Code drop Code drop DELIVER CODE FAST – CHANGE Realities of Shift-Left POC POV LAB SUSTAIN & SCALE
- 7. 7 DESIRE: Commit Code CORE COMPETENCY: Coding DESIRE: Confident Steward of Prod CORE COMPETENCY: Operational Excellence DESIRE: Risk Managed CORE COMPETENCY: Governance Developer / DevOps SRE / OPS Security Expert Enterprise Personas - Today’s Approach?
- 8. 8 THIS REQUIRES SOLDIERS OF FORTUNE THE INTERACTION MODEL IS THREATENING THE INTERACTION MODEL IS POOR Making Dev Own Security/Ops Requirements Operations Does Not Feel Valued Security Is Seen As Slowing Down Dev Dev-Centric Shift left RESPONSIBILITY ACCOUNTABILITY ACCOUNTABILITY
- 9. Security Is More Than Code REVIEWING COMMON IT SECURITY FRAMEWORKS ISO NIST FEDRAMP FISMA PCI CIS Completed with Code √ Requires Education √ Requires Audit Process Focus Incident Focused √ √ √ √ √ √ √ √ √ √ √ √ SDLC Component √ √ √ √√ √ √
- 11. GOVERNANCE ENGINEERING MEASURE CX RESPONSIVENESS MODEL DeploymentPipeline If(is_array($v[?])) IN PRACTICE Orchestration Pipeline – CI/CD Governance Standards – Checking Tags and Values = KPI per service Dev Workflow QA Workflow Staging Workflow Prod Workflow Task Task Task Task Task Task Task Task Tag/ Value Tag/ Value Tag/ Value Tag/ Value Tag/ Value Tag/ Value Tag/ Value Tag/ Value LAYERS OF PIPELINE GOVERNANCE STANDARDS Regulatory (i.e. PCI) Criticality or Service Tier (i.e. Platinum) Quality (i.e. Code) Stage (i.e. Development) Target (i.e. Cloud Provider) OUTPUT KPIs – Compliance % per service Auditability Customer Loyalty / Brand Quality / Cost Savings Human Toll (i.e. Fire fighting hours) Talent pool development
- 12. Security In Practice Pipeline Tasks LAYERS OF PIPELINE TASKS Measure – Integration Pipeline Standards – Identify Tech Debt Over time – Maturity & Standards Improve Measure - Output Unique Per Stage Gate or Threshold or Track Continuous Improvement of Standards 1 2 Evaluate - Release to Release Delta Values – Not starting value Better Worse
- 13. 13 THIS REQUIRES COLLABORATION THE INTERACTION MODEL IS INVOLVEMENT THE INTERACTION MODEL IS RESPONSIVE MAKING DEV OWN CODE AGAIN OPERATIONS HANDLES DIFFICULT PRESSURES - REDUCE WITH CODING SECURITY BRINGS THEIR BALLIWICK – MEASURE CONFORMANCE AND FITNESS Tri-Centric Shift Left – Governance Engineering Operating Model
- 14. 14 Q&A George Davis With: With: CTO, Benchmark Corp. Linkedin: in/ciscoconsultant Website: benchmarkcorp.com Shlomo Bielak Sales Engineer, Trend Micro Linkedin page: /in/georgedavisc/ Website: https://gdcrocx.github.io/ https://www.informationmanagementtoday.com/frs/14625244/shift-left-security--development-does-not-want- to-own-it-
- 15. Thank you!