SlideShare a Scribd company logo

Red Button Security: Molly Crowther's Keynote

VMware Tanzu
VMware Tanzu

Molly Crowther presents on how Pivotal Software implemented a security vulnerability reporting process modeled after the Toyota Production System's "andon cord". The process involved establishing an email address for security reports, triaging incoming reports, discussing issues with engineering teams to understand severity and fixes, and releasing CVEs once issues were resolved. This allowed security issues to be addressed without disrupting ongoing work. Over time, the process was refined through iterations and lessons learned.

Software
1 of 30
Download to read offline
The Red Button: Adventures in Security Leadership Molly Crowther October 7–10, 2019 Austin Convention Center
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ About Me Molly Crowther 2 Staff Technical Program Manager / TPM + Docs Manager ● Cloud Foundry vulnerability management ● Customer security assessments ● Security leadership team ● Security education
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What I'm going to talk about vs. 3
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Basics
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What is an andon cord? ● Toyota Production System ● Lights up ● Figure out what's wrong ● Stops the line if the problem can't be fixed quickly ● Line starts when the problem is resolved 5
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Well… it's actually more complicated ● Series of steps designed to increase psychological safety of calling out defects 6
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What is psychological safety ● Safety needed to take interpersonal risks (i.e. learn!) ● Google found it was the most important factor for high-performing teams (at Google) 7
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ How do you increase psychological safety ● Demonstrate engagement ● Show understanding ● Be inclusive in interpersonal settings (includes expressing gratitude) ● Be inclusive in decision making ● Show confidence and conviction without inflexibility Source: https://docs.google.com/document/d/1PsnDMS2emcPLgM LFAQCXZjO7C4j2hJ7znOq_g2Zkjgk/export?format=pdf 8
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What really happens ● Manager physically goes to the workstation ○ ● Thanks the person who pulled the cord ○ ● Talks to them to try to understand the problem ("How can I help you?") ○ ● Line can start again when the problem is resolved, hopefully by the team ○ 9
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What really happens ● Manager physically goes to the workstation ○ Demonstrates engagement! ● Thanks the person who pulled the cord ○ Inclusive in interpersonal settings! ● Talks to them to try to understand the problem ("How can I help you?") ○ Shows understanding! ● Line can start again when the problem is resolved, hopefully by the team ○ Inclusive decision-making! Showing conviction! 1 0
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Another example of this? Concourse! ● Automated! ● Everyone around can see it ● Build turns red, testing stops ● Have to fix it before you can start again ● Normalizes failure! 11
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Continuous improvement! ● Toyota actually started getting rid of andon cords in 2014! ● They replaced them with big yellow buttons ● Wanted to reduce overhead clutter ● Buttons are wireless so they can move them around and reconfigure the workspace ● No cords to trip on Source: https://www.autonews.com/article/20140805/OEM01/140809892/toyota-cutting-th e-fabled-andon-cord-symbol-of-toyota-way 1 2
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What did we do?
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What did we do in CF? ● We knew that we didn't know what all the issues were OR how we could find out (super scary to leadership!) ● Needed the people closest to the information to tell us what was wrong ● Help everyone understand that we needed a psychologically safe security environment ● We made our own andon cord (kind of) 1 4
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ History ● security@pivotal.io! ● First emails in March 2016 ● First mention in slack was from June 2016 ● First ticket in October 2016 ● Triage team formed in December 2016 (shoutout to Rash and Anthony) ● Top 40 vendor on CVEdetails.com by 2017 ● Still going strong after several PM changes and lots of engineering rotations 1 5
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 6 Someone emails security@
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 7 Someone emails security@ Automated thank you
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 8 Someone emails security@ Automated thank you Triage team takes a look
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 9 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 2 0 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket Start a slack channel, talk to the team
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 2 1 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket Start a slack channel, talk to the team Team helps understand severity, fixes the issue
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 2 2 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket Start a slack channel, talk to the team Team helps understand severity, fixes the issue CVE goes out, issue is closed
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ In hindsight... ● I didn't know it at the time but we were implementing the same practices as Toyota. ○ Email to the security team could interrupt flow of what team was working on ○ Automated thank you ○ Triage team would come to the team to understand the issue and severity ○ Team would make the necessary changes ○ Work could continue on other features 2 3
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What did we learn?
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ It's tough! ● Psychological safety doesn't come automatically or overnight ○ Baggage - other companies or experiences ○ Intentional - had to explain who we were and why we were asking questions ○ Fear - people would reach out to me before sending ○ Overreactions - making people work on the weekend, upsetting the community 2 5
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Iterations ● Engagement from leadership ● Started with an email + a few people, eventually moved to a ticketing system and a dedicated team ● Few different types of classifications for security issues over time ● Timing of releases ● Team time zones ● Support embeds ● Closer partnership with infosec ● Davos! 2 6
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Shoutouts LL - Alex Jackson R&D Leadership - Onsi Fakhouri, Mike Dalessio OG Triage pair - Rasheed Abdul-Aziz and Anthony Emengo PMs - Steven Levine, Dan Jahner, Jake Knostman Engineers Justin Sampson Margaret Crawford Ramkumar Vengadakrishnan Steven Locke Tim Hausler Adam Berkovec Andrew Edstrom Anna Thornton Annie Sing Anoop Gopalakrishnan Aram Price Ben Moss 2 7 Brian Vullo Can Berk Güder Charles Vieth Christopher Brown Clement Ng Dan Jahner Dhruv Sheth Jesse Malone Jim Myers Joe Kirwin Julien Cherry Kalai Wei Kris Hicks Mark Fussell Merric de Launey Michelle He Natasha Hull-Richter Nayan Chandni Phil Goodwin Rob Dimsdale-Zucker Slawek Ligus Tony Wong Weyman Fung William Brandon
Thanks! #springone@s1p
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Resources ● https://itrevolution.com/kata/ ● https://www.leanvets.com/2018/05/andon-cords-and-practice.html ● https://rework.withgoogle.com/guides/understanding-team-effectiveness/ste ps/foster-psychological-safety/ 2 9
Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Safe Harbor Statement The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation.

Recommended

Human Factors in Security: Toward Security-Conscious Development
Human Factors in Security: Toward Security-Conscious DevelopmentHuman Factors in Security: Toward Security-Conscious Development
Human Factors in Security: Toward Security-Conscious DevelopmentVMware Tanzu
 
Architectures That Bend But Don't Break
Architectures That Bend But Don't BreakArchitectures That Bend But Don't Break
Architectures That Bend But Don't BreakVMware Tanzu
 
So You're Up to Your Eyes in Foundations
So You're Up to Your Eyes in FoundationsSo You're Up to Your Eyes in Foundations
So You're Up to Your Eyes in FoundationsVMware Tanzu
 
Data Driven Decision Making for Product Development
Data Driven Decision Making for Product DevelopmentData Driven Decision Making for Product Development
Data Driven Decision Making for Product DevelopmentVMware Tanzu
 
Healthy Agile Product Security
Healthy Agile Product SecurityHealthy Agile Product Security
Healthy Agile Product SecurityVMware Tanzu
 
Drive-In Meets Digital: Modernizing a Classic Customer Experience
Drive-In Meets Digital: Modernizing a Classic Customer ExperienceDrive-In Meets Digital: Modernizing a Classic Customer Experience
Drive-In Meets Digital: Modernizing a Classic Customer ExperienceVMware Tanzu
 
Success at Scale: It’s Hard, But Achievable
Success at Scale: It’s Hard, But AchievableSuccess at Scale: It’s Hard, But Achievable
Success at Scale: It’s Hard, But AchievableVMware Tanzu
 
Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...VMware Tanzu
 

Recommended

Human Factors in Security: Toward Security-Conscious Development
Human Factors in Security: Toward Security-Conscious DevelopmentHuman Factors in Security: Toward Security-Conscious Development
Human Factors in Security: Toward Security-Conscious DevelopmentVMware Tanzu
 
Architectures That Bend But Don't Break
Architectures That Bend But Don't BreakArchitectures That Bend But Don't Break
Architectures That Bend But Don't BreakVMware Tanzu
 
So You're Up to Your Eyes in Foundations
So You're Up to Your Eyes in FoundationsSo You're Up to Your Eyes in Foundations
So You're Up to Your Eyes in FoundationsVMware Tanzu
 
Data Driven Decision Making for Product Development
Data Driven Decision Making for Product DevelopmentData Driven Decision Making for Product Development
Data Driven Decision Making for Product DevelopmentVMware Tanzu
 
Healthy Agile Product Security
Healthy Agile Product SecurityHealthy Agile Product Security
Healthy Agile Product SecurityVMware Tanzu
 
Drive-In Meets Digital: Modernizing a Classic Customer Experience
Drive-In Meets Digital: Modernizing a Classic Customer ExperienceDrive-In Meets Digital: Modernizing a Classic Customer Experience
Drive-In Meets Digital: Modernizing a Classic Customer ExperienceVMware Tanzu
 
Success at Scale: It’s Hard, But Achievable
Success at Scale: It’s Hard, But AchievableSuccess at Scale: It’s Hard, But Achievable
Success at Scale: It’s Hard, But AchievableVMware Tanzu
 
Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...VMware Tanzu
 
Highly Available and Resilient Multi-Site Deployments Using Spinnaker
Highly Available and Resilient Multi-Site Deployments Using SpinnakerHighly Available and Resilient Multi-Site Deployments Using Spinnaker
Highly Available and Resilient Multi-Site Deployments Using SpinnakerVMware Tanzu
 
Application Archaeology: Accelerating App Modernization at DICK’S Sporting Goods
Application Archaeology: Accelerating App Modernization at DICK’S Sporting GoodsApplication Archaeology: Accelerating App Modernization at DICK’S Sporting Goods
Application Archaeology: Accelerating App Modernization at DICK’S Sporting GoodsVMware Tanzu
 
Modernizing Digital APIs Platform to Cloud-Native Microservices
Modernizing Digital APIs Platform to Cloud-Native MicroservicesModernizing Digital APIs Platform to Cloud-Native Microservices
Modernizing Digital APIs Platform to Cloud-Native MicroservicesVMware Tanzu
 
Automating Brownfield Application Modernization on Pivotal Cloud Foundry
Automating Brownfield Application Modernization on Pivotal Cloud FoundryAutomating Brownfield Application Modernization on Pivotal Cloud Foundry
Automating Brownfield Application Modernization on Pivotal Cloud FoundryVMware Tanzu
 
Fast 5 Things You Can Do Now to Get Ready for the Cloud
Fast 5 Things You Can Do Now to Get Ready for the CloudFast 5 Things You Can Do Now to Get Ready for the Cloud
Fast 5 Things You Can Do Now to Get Ready for the CloudVMware Tanzu
 
Architectures That Bend but Don't Break
Architectures That Bend but Don't BreakArchitectures That Bend but Don't Break
Architectures That Bend but Don't BreakMatt Stine
 
Experience + Education = Empowerment
Experience + Education = EmpowermentExperience + Education = Empowerment
Experience + Education = EmpowermentVMware Tanzu
 
AutoZone and the Road to Cloud Native
AutoZone and the Road to Cloud NativeAutoZone and the Road to Cloud Native
AutoZone and the Road to Cloud NativeVMware Tanzu
 
PCF 2.3: A First Look
PCF 2.3: A First LookPCF 2.3: A First Look
PCF 2.3: A First LookVMware Tanzu
 
Accelerating the Developers' Road to the Cloud at Enterprise Scale
Accelerating the Developers' Road to the Cloud at Enterprise ScaleAccelerating the Developers' Road to the Cloud at Enterprise Scale
Accelerating the Developers' Road to the Cloud at Enterprise ScaleVMware Tanzu
 
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John Blum
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John BlumFrom Zero to Cloud using Spring with Cloud-Native Data Technologies - John Blum
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John BlumVMware Tanzu
 
In the workshop with GCP, Home Depot & Cloud Foundry
In the workshop with GCP, Home Depot & Cloud FoundryIn the workshop with GCP, Home Depot & Cloud Foundry
In the workshop with GCP, Home Depot & Cloud FoundryChristopher Grant
 
Productize your services! A path towards effective microservice development
Productize your services! A path towards effective microservice developmentProductize your services! A path towards effective microservice development
Productize your services! A path towards effective microservice developmentVMware Tanzu
 
Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)Reshmi Krishna
 
Spring Cloud Gateway - Stéphane Maldini
Spring Cloud Gateway - Stéphane MaldiniSpring Cloud Gateway - Stéphane Maldini
Spring Cloud Gateway - Stéphane MaldiniVMware Tanzu
 
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerce
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerceWhat We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerce
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerceVMware Tanzu
 
Square Pegs, Square Holes: CI/CD That Fits
Square Pegs, Square Holes: CI/CD That FitsSquare Pegs, Square Holes: CI/CD That Fits
Square Pegs, Square Holes: CI/CD That FitsVMware Tanzu
 
Spring Cloud Gateway
Spring Cloud GatewaySpring Cloud Gateway
Spring Cloud GatewayStéphane Maldini
 
Deliver Your Service on PKS
Deliver Your Service on PKSDeliver Your Service on PKS
Deliver Your Service on PKSVMware Tanzu
 
PCF Killed the ITSM Star
PCF Killed the ITSM StarPCF Killed the ITSM Star
PCF Killed the ITSM StarKyle Campos
 
What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu
 

More Related Content

Similar to Red Button Security: Molly Crowther's Keynote

Highly Available and Resilient Multi-Site Deployments Using Spinnaker
Highly Available and Resilient Multi-Site Deployments Using SpinnakerHighly Available and Resilient Multi-Site Deployments Using Spinnaker
Highly Available and Resilient Multi-Site Deployments Using SpinnakerVMware Tanzu
 
Application Archaeology: Accelerating App Modernization at DICK’S Sporting Goods
Application Archaeology: Accelerating App Modernization at DICK’S Sporting GoodsApplication Archaeology: Accelerating App Modernization at DICK’S Sporting Goods
Application Archaeology: Accelerating App Modernization at DICK’S Sporting GoodsVMware Tanzu
 
Modernizing Digital APIs Platform to Cloud-Native Microservices
Modernizing Digital APIs Platform to Cloud-Native MicroservicesModernizing Digital APIs Platform to Cloud-Native Microservices
Modernizing Digital APIs Platform to Cloud-Native MicroservicesVMware Tanzu
 
Automating Brownfield Application Modernization on Pivotal Cloud Foundry
Automating Brownfield Application Modernization on Pivotal Cloud FoundryAutomating Brownfield Application Modernization on Pivotal Cloud Foundry
Automating Brownfield Application Modernization on Pivotal Cloud FoundryVMware Tanzu
 
Fast 5 Things You Can Do Now to Get Ready for the Cloud
Fast 5 Things You Can Do Now to Get Ready for the CloudFast 5 Things You Can Do Now to Get Ready for the Cloud
Fast 5 Things You Can Do Now to Get Ready for the CloudVMware Tanzu
 
Architectures That Bend but Don't Break
Architectures That Bend but Don't BreakArchitectures That Bend but Don't Break
Architectures That Bend but Don't BreakMatt Stine
 
Experience + Education = Empowerment
Experience + Education = EmpowermentExperience + Education = Empowerment
Experience + Education = EmpowermentVMware Tanzu
 
AutoZone and the Road to Cloud Native
AutoZone and the Road to Cloud NativeAutoZone and the Road to Cloud Native
AutoZone and the Road to Cloud NativeVMware Tanzu
 
PCF 2.3: A First Look
PCF 2.3: A First LookPCF 2.3: A First Look
PCF 2.3: A First LookVMware Tanzu
 
Accelerating the Developers' Road to the Cloud at Enterprise Scale
Accelerating the Developers' Road to the Cloud at Enterprise ScaleAccelerating the Developers' Road to the Cloud at Enterprise Scale
Accelerating the Developers' Road to the Cloud at Enterprise ScaleVMware Tanzu
 
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John Blum
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John BlumFrom Zero to Cloud using Spring with Cloud-Native Data Technologies - John Blum
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John BlumVMware Tanzu
 
In the workshop with GCP, Home Depot & Cloud Foundry
In the workshop with GCP, Home Depot & Cloud FoundryIn the workshop with GCP, Home Depot & Cloud Foundry
In the workshop with GCP, Home Depot & Cloud FoundryChristopher Grant
 
Productize your services! A path towards effective microservice development
Productize your services! A path towards effective microservice developmentProductize your services! A path towards effective microservice development
Productize your services! A path towards effective microservice developmentVMware Tanzu
 
Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)Reshmi Krishna
 
Spring Cloud Gateway - Stéphane Maldini
Spring Cloud Gateway - Stéphane MaldiniSpring Cloud Gateway - Stéphane Maldini
Spring Cloud Gateway - Stéphane MaldiniVMware Tanzu
 
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerce
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerceWhat We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerce
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerceVMware Tanzu
 
Square Pegs, Square Holes: CI/CD That Fits
Square Pegs, Square Holes: CI/CD That FitsSquare Pegs, Square Holes: CI/CD That Fits
Square Pegs, Square Holes: CI/CD That FitsVMware Tanzu
 
Deliver Your Service on PKS
Deliver Your Service on PKSDeliver Your Service on PKS
Deliver Your Service on PKSVMware Tanzu
 
PCF Killed the ITSM Star
PCF Killed the ITSM StarPCF Killed the ITSM Star
PCF Killed the ITSM StarKyle Campos
 

Similar to Red Button Security: Molly Crowther's Keynote (20)

Highly Available and Resilient Multi-Site Deployments Using Spinnaker
Highly Available and Resilient Multi-Site Deployments Using SpinnakerHighly Available and Resilient Multi-Site Deployments Using Spinnaker
Highly Available and Resilient Multi-Site Deployments Using Spinnaker
 
Application Archaeology: Accelerating App Modernization at DICK’S Sporting Goods
Application Archaeology: Accelerating App Modernization at DICK’S Sporting GoodsApplication Archaeology: Accelerating App Modernization at DICK’S Sporting Goods
Application Archaeology: Accelerating App Modernization at DICK’S Sporting Goods
 
Modernizing Digital APIs Platform to Cloud-Native Microservices
Modernizing Digital APIs Platform to Cloud-Native MicroservicesModernizing Digital APIs Platform to Cloud-Native Microservices
Modernizing Digital APIs Platform to Cloud-Native Microservices
 
Automating Brownfield Application Modernization on Pivotal Cloud Foundry
Automating Brownfield Application Modernization on Pivotal Cloud FoundryAutomating Brownfield Application Modernization on Pivotal Cloud Foundry
Automating Brownfield Application Modernization on Pivotal Cloud Foundry
 
Fast 5 Things You Can Do Now to Get Ready for the Cloud
Fast 5 Things You Can Do Now to Get Ready for the CloudFast 5 Things You Can Do Now to Get Ready for the Cloud
Fast 5 Things You Can Do Now to Get Ready for the Cloud
 
Architectures That Bend but Don't Break
Architectures That Bend but Don't BreakArchitectures That Bend but Don't Break
Architectures That Bend but Don't Break
 
Experience + Education = Empowerment
Experience + Education = EmpowermentExperience + Education = Empowerment
Experience + Education = Empowerment
 
AutoZone and the Road to Cloud Native
AutoZone and the Road to Cloud NativeAutoZone and the Road to Cloud Native
AutoZone and the Road to Cloud Native
 
PCF 2.3: A First Look
PCF 2.3: A First LookPCF 2.3: A First Look
PCF 2.3: A First Look
 
Accelerating the Developers' Road to the Cloud at Enterprise Scale
Accelerating the Developers' Road to the Cloud at Enterprise ScaleAccelerating the Developers' Road to the Cloud at Enterprise Scale
Accelerating the Developers' Road to the Cloud at Enterprise Scale
 
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John Blum
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John BlumFrom Zero to Cloud using Spring with Cloud-Native Data Technologies - John Blum
From Zero to Cloud using Spring with Cloud-Native Data Technologies - John Blum
 
In the workshop with GCP, Home Depot & Cloud Foundry
In the workshop with GCP, Home Depot & Cloud FoundryIn the workshop with GCP, Home Depot & Cloud Foundry
In the workshop with GCP, Home Depot & Cloud Foundry
 
Productize your services! A path towards effective microservice development
Productize your services! A path towards effective microservice developmentProductize your services! A path towards effective microservice development
Productize your services! A path towards effective microservice development
 
Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)
 
Spring Cloud Gateway - Stéphane Maldini
Spring Cloud Gateway - Stéphane MaldiniSpring Cloud Gateway - Stéphane Maldini
Spring Cloud Gateway - Stéphane Maldini
 
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerce
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerceWhat We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerce
What We're Learning Adopting Spring Boot and PCF for Dell.com's eCommerce
 
Square Pegs, Square Holes: CI/CD That Fits
Square Pegs, Square Holes: CI/CD That FitsSquare Pegs, Square Holes: CI/CD That Fits
Square Pegs, Square Holes: CI/CD That Fits
 
Spring Cloud Gateway
Spring Cloud GatewaySpring Cloud Gateway
Spring Cloud Gateway
 
Deliver Your Service on PKS
Deliver Your Service on PKSDeliver Your Service on PKS
Deliver Your Service on PKS
 
PCF Killed the ITSM Star
PCF Killed the ITSM StarPCF Killed the ITSM Star
PCF Killed the ITSM Star
 

More from VMware Tanzu

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleVMware Tanzu
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023VMware Tanzu
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductVMware Tanzu
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready AppsVMware Tanzu
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And BeyondVMware Tanzu
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023VMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023VMware Tanzu
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptxVMware Tanzu
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchVMware Tanzu
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishVMware Tanzu
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVMware Tanzu
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - FrenchVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootVMware Tanzu
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerVMware Tanzu
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeVMware Tanzu
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsVMware Tanzu
 

More from VMware Tanzu (20)

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About It
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at Scale
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a Product
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready Apps
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And Beyond
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - French
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - English
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - English
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - French
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
 

Recently uploaded

Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 

Recently uploaded (20)

Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 

Red Button Security: Molly Crowther's Keynote

  • 1. The Red Button: Adventures in Security Leadership Molly Crowther October 7–10, 2019 Austin Convention Center
  • 2. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ About Me Molly Crowther 2 Staff Technical Program Manager / TPM + Docs Manager ● Cloud Foundry vulnerability management ● Customer security assessments ● Security leadership team ● Security education
  • 3. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What I'm going to talk about vs. 3
  • 4. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Basics
  • 5. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What is an andon cord? ● Toyota Production System ● Lights up ● Figure out what's wrong ● Stops the line if the problem can't be fixed quickly ● Line starts when the problem is resolved 5
  • 6. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Well… it's actually more complicated ● Series of steps designed to increase psychological safety of calling out defects 6
  • 7. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What is psychological safety ● Safety needed to take interpersonal risks (i.e. learn!) ● Google found it was the most important factor for high-performing teams (at Google) 7
  • 8. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ How do you increase psychological safety ● Demonstrate engagement ● Show understanding ● Be inclusive in interpersonal settings (includes expressing gratitude) ● Be inclusive in decision making ● Show confidence and conviction without inflexibility Source: https://docs.google.com/document/d/1PsnDMS2emcPLgM LFAQCXZjO7C4j2hJ7znOq_g2Zkjgk/export?format=pdf 8
  • 9. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What really happens ● Manager physically goes to the workstation ○ ● Thanks the person who pulled the cord ○ ● Talks to them to try to understand the problem ("How can I help you?") ○ ● Line can start again when the problem is resolved, hopefully by the team ○ 9
  • 10. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What really happens ● Manager physically goes to the workstation ○ Demonstrates engagement! ● Thanks the person who pulled the cord ○ Inclusive in interpersonal settings! ● Talks to them to try to understand the problem ("How can I help you?") ○ Shows understanding! ● Line can start again when the problem is resolved, hopefully by the team ○ Inclusive decision-making! Showing conviction! 1 0
  • 11. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Another example of this? Concourse! ● Automated! ● Everyone around can see it ● Build turns red, testing stops ● Have to fix it before you can start again ● Normalizes failure! 11
  • 12. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Continuous improvement! ● Toyota actually started getting rid of andon cords in 2014! ● They replaced them with big yellow buttons ● Wanted to reduce overhead clutter ● Buttons are wireless so they can move them around and reconfigure the workspace ● No cords to trip on Source: https://www.autonews.com/article/20140805/OEM01/140809892/toyota-cutting-th e-fabled-andon-cord-symbol-of-toyota-way 1 2
  • 13. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What did we do?
  • 14. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What did we do in CF? ● We knew that we didn't know what all the issues were OR how we could find out (super scary to leadership!) ● Needed the people closest to the information to tell us what was wrong ● Help everyone understand that we needed a psychologically safe security environment ● We made our own andon cord (kind of) 1 4
  • 15. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ History ● security@pivotal.io! ● First emails in March 2016 ● First mention in slack was from June 2016 ● First ticket in October 2016 ● Triage team formed in December 2016 (shoutout to Rash and Anthony) ● Top 40 vendor on CVEdetails.com by 2017 ● Still going strong after several PM changes and lots of engineering rotations 1 5
  • 16. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 6 Someone emails security@
  • 17. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 7 Someone emails security@ Automated thank you
  • 18. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 8 Someone emails security@ Automated thank you Triage team takes a look
  • 19. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 1 9 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket
  • 20. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 2 0 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket Start a slack channel, talk to the team
  • 21. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 2 1 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket Start a slack channel, talk to the team Team helps understand severity, fixes the issue
  • 22. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Flow 2 2 Someone emails security@ Automated thank you Triage team takes a look Might be irrelevant, they respond and close the ticket Start a slack channel, talk to the team Team helps understand severity, fixes the issue CVE goes out, issue is closed
  • 23. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ In hindsight... ● I didn't know it at the time but we were implementing the same practices as Toyota. ○ Email to the security team could interrupt flow of what team was working on ○ Automated thank you ○ Triage team would come to the team to understand the issue and severity ○ Team would make the necessary changes ○ Work could continue on other features 2 3
  • 24. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What did we learn?
  • 25. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ It's tough! ● Psychological safety doesn't come automatically or overnight ○ Baggage - other companies or experiences ○ Intentional - had to explain who we were and why we were asking questions ○ Fear - people would reach out to me before sending ○ Overreactions - making people work on the weekend, upsetting the community 2 5
  • 26. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Iterations ● Engagement from leadership ● Started with an email + a few people, eventually moved to a ticketing system and a dedicated team ● Few different types of classifications for security issues over time ● Timing of releases ● Team time zones ● Support embeds ● Closer partnership with infosec ● Davos! 2 6
  • 27. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Shoutouts LL - Alex Jackson R&D Leadership - Onsi Fakhouri, Mike Dalessio OG Triage pair - Rasheed Abdul-Aziz and Anthony Emengo PMs - Steven Levine, Dan Jahner, Jake Knostman Engineers Justin Sampson Margaret Crawford Ramkumar Vengadakrishnan Steven Locke Tim Hausler Adam Berkovec Andrew Edstrom Anna Thornton Annie Sing Anoop Gopalakrishnan Aram Price Ben Moss 2 7 Brian Vullo Can Berk Güder Charles Vieth Christopher Brown Clement Ng Dan Jahner Dhruv Sheth Jesse Malone Jim Myers Joe Kirwin Julien Cherry Kalai Wei Kris Hicks Mark Fussell Merric de Launey Michelle He Natasha Hull-Richter Nayan Chandni Phil Goodwin Rob Dimsdale-Zucker Slawek Ligus Tony Wong Weyman Fung William Brandon
  • 29. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Resources ● https://itrevolution.com/kata/ ● https://www.leanvets.com/2018/05/andon-cords-and-practice.html ● https://rework.withgoogle.com/guides/understanding-team-effectiveness/ste ps/foster-psychological-safety/ 2 9
  • 30. Unless otherwise indicated, these slides are © 2013-2019 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Safe Harbor Statement The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation.