The document discusses the inevitable marriage between DevOps and security (DevSecOps). It argues that security must evolve to embrace chaos and resilience in order to remain relevant and aligned with DevOps goals of optimizing software delivery. Specifically, it recommends that security adopt metrics like time-to-recovery over time-between-failures, and embrace distributed, immutable, and ephemeral infrastructure designs that are more secure by default. It also provides examples of how to architect and test for security through controlled chaos engineering. The conclusion is that for security to truly unite with DevOps, it needs to stop resisting chaos and instead focus on outcomes like resilience.
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering" - Aaron Rinehart
This document provides an overview of a presentation on chaos engineering and security chaos engineering. The presentation covers United Health Group's journey to rugged DevOps, combating complexity in software, and approaches to chaos engineering and security chaos engineering. Specific topics discussed include automated security configuration and validation using Chef and Inspec, using Gauntlt for automated vulnerability scanning, lessons learned from DevOps transformations, and examples of chaos engineering experiments and game days.
Discussion of how security is in crisis but DevSecOps offers a new playbook and gives security a path to influence. Taking a look at the WAF space, we look at how Signal Sciences has created feedback between Dev and Ops and Security to create new value.
DevSecOps Days Istanbul 2020 Security Chaos Engineering - Aaron Rinehart
This document summarizes a presentation on chaos engineering and security chaos engineering. It discusses how systems have become too complex for humans to fully understand and that failures are the normal condition. Chaos engineering experiments intentionally introduce failures to build confidence in a system's resilience. Security chaos engineering uses the same principles to continuously validate security controls and reduce uncertainty. The document provides examples of chaos experiments and introduces ChaoSlingr, an open source tool for automating security chaos experiments.
1) The document discusses the need for a shift from a "security-only" model to a shared responsibility model of security between developers, operations staff, and security professionals. It advocates for the ideal state being one where security is everyone's responsibility.
2) CIOs surveyed preferred having their whole staff receive security training rather than relying on a few security experts, and dedicating 1% of staff to security curation rather than 40 hours of training for all.
3) Achieving a high level of security confidence through techniques like checking confidence levels in software could help enable faster development speeds while still prioritizing security.
1) The document discusses the need for a shift from a "security-only" model to a shared responsibility model of security between developers, operations staff, and security professionals. It advocates for the ideal state being one where security is everyone's responsibility.
2) CIOs surveyed preferred having their whole staff receive security training rather than relying on a few security experts, and dedicating 1% of staff to security curation rather than 40 hours of training for all.
3) There is a journey from security professionals making all decisions to developers being enabled by self-service security capabilities to experiment with more autonomy while still achieving high confidence levels in their work.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps - WhiteSource
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
This talk provides a brief history of how DevOps has enabled tech companies to become unicorns. It also asks whether security in DevOps is important, who is responsible, and what teams can do to make security a competitive advantage.
The document discusses the rise of DevSecOps and its importance for software development. It notes that existing security solutions are no longer adequate due to the speed of modern development, and that security has become a bottleneck. DevSecOps aims to integrate security practices into development workflows to enable continuous and real-time security. It outlines how security responsibilities have evolved from separate teams to being shared among developers, and how tools have progressed from periodic testing to continuous monitoring and automation. The document argues that DevSecOps is necessary now given the costs of data breaches and risks of vulnerabilities in open source components.
1. The document discusses how security is changing with new technologies like cloud computing, DevOps, and agile development. Traditional security practices are no longer effective.
2. It advocates migrating security left in the development process so it is designed into applications from the beginning. This allows for a faster security feedback loop.
3. Security needs to be automated and tested using tools and data platforms. Monitoring and inspecting everything is important for the new dynamic environments. Security decisions and controls are also changing to adapt to these new realities.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps - DevOps.com
The traditional way of handling security issues in DevOps involves security teams analyzing vulnerabilities and opening issues/tickets, with closing the loop on resolutions being difficult. This model is changing as the cost of fixing later-stage defects rises significantly. The shift is toward DevSecOps where responsibility for application security moves to development teams. Developers are integrating security tools earlier in the software development lifecycle (SDLC) to enable a more secure-by-design approach. Effective DevSecOps requires tools that fit seamlessly into developer workflows and prioritize actual vulnerabilities over non-issues. It also demands integrating security practices into DevOps processes through agile methodologies and automation.
This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.
This document discusses how DevOps practices can sometimes break traditional security and compliance practices, and proposes an approach called SecDevOps 2.0 to better integrate the two. It outlines how SecDevOps 2.0 would define policies, identities, and networks in a way that supports continuous delivery while maintaining security and compliance. Key elements include defining security policies in code, using machine identities at scale for access control, and implementing new tools like secrets as a service and software-defined firewalls. The overall goal is to make security controls more transparent and integrated with automation.
DevOps security (DevSecOps) is an extension of DevOps that integrates security practices into the software development lifecycle. It addresses challenges like securing privileged credentials and tools used in DevOps environments. DevSecOps works by implementing security policies as code, separating duties between developers and security teams, and integrating security checks into continuous integration/delivery pipelines. Automating security mechanisms and taking a proactive security approach are also important for DevSecOps.
The document discusses the importance of DevSecOps. It notes that existing security solutions are no longer adequate as software can now be distributed globally and created more cheaply in the cloud. DevSecOps aims to integrate security into development and operations by making security teams empower developers and help them succeed. It outlines how security tools and responsibilities have evolved from separate security testing to being integrated into product teams. The document argues DevSecOps is important because fixing defects early is cheaper than during production, and most modern applications use open source components which could contain vulnerabilities. It concludes security teams should empower product teams and help solve technology problems while product teams should be mindful of security.
Winnipeg ISACA Security is Dead, Rugged DevOps - Gene Kim
This document summarizes a presentation given by Gene Kim on infosec and DevOps. It discusses research that found high performing IT organizations have fewer security issues and implement changes more successfully. The presentation introduces the concepts of Rugged software development and DevOps. It provides an overview of how to implement DevOps through systems thinking, amplifying feedback loops, and developing a culture of experimentation. Key aspects include integrating operations, security and development teams and processes. The goal is to reduce issues and improve flow to help the business.
Safely Removing the Last Roadblock to Continuous Delivery - SeniorStoryteller
This document discusses how to implement DevSecOps practices to safely enable continuous delivery. It advocates shifting security left by integrating security practices into development workflows from design through deployment. This allows security issues to be identified and addressed early before they become costly problems. The document outlines DevSecOps staffing models and provides examples of how practices like automated security testing, secure baselines and templates, and monitoring can help operationalize security and reduce mean time to remediate issues from months to hours.
2016 - Safely Removing the Last Roadblock to Continuous Delivery - devopsdaysaustin
Presentation by Shannon Lietz
Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t?
Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuous security approach and everyone in the Software Supply Chain taking on the tasks of including security, it’s possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.
Automating security compliance for physical, virtual, cloud, and container en... - Lucy Huh Kerner
In this slide deck of my 2017 Red Hat Summit talk, you'll learn how to easily provision a security-compliant host and quickly detect and remediate security and compliance issues in physical, virtual, cloud, and container environments. We’ll discuss possible compliance challenges and show how a combination of Red Hat CloudForms, Red Hat Satellite, and Ansible Tower by Red Hat can help you quickly achieve compliance, automate security, and complete remediation. You’ll learn how you can integrate Red Hat CloudForms with Red Hat Satellite and Ansible Tower by Red Hat, as well as use the OpenSCAP integration in Red Hat Satellite, to perform audit scans and remediations at the push of a button on your systems and automate security to ensure compliance against various profiles, such as:
- The U.S. Government Configuration Baseline (USGCB).
- The Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG).
- The Centralized Supercomputing Facility (CSCF) baseline.
- The U.S. Government Commercial Cloud Services (C2S) baseline.
- The Certified Cloud and Service Provider (CCSP) baseline.
- Center for Internet Security (CIS) Benchmarks.
- The Payment Card Industry Data Security Standard (PCI DSS).
- Custom policies.
You'll also learn how you can use the control and policy engine in Red Hat CloudForms to detect and fix vulnerabilities, such as Shellshock, and learn how to do proactive security and automated risk management with Red Hat Insights.
To see the video replay of this talk, please visit: https://www.youtube.com/watch?v=8V1iDgOTWFA&t=1s
DevOpsSec: Applying DevOps Principles to Security, DevOpsDays Austin 2012 - Nick Galbreath
DevOpsSec applies DevOps principles like decentralization, shared resources, and transparency to security. It focuses on reducing the mean time to detect (MTTD) security issues and mean time to resolve (MTTR) them. Automating security testing and integrating it into continuous integration helps detect attacks and issues earlier. Treating security operations like other services improves culture.
This is a presentation I gave to 100+ people at Rev1 Ventures in Columbus, OH. The presentation was about how to define DevOps. Like any new concept, there are multiple and sometimes competing definitions. I've found that implementations of DevOps can change but there are some very common anti-patterns. Lastly, I talk about how we implement DevOps at Bold Penguin.
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019 - Aaron Rinehart
This document discusses security chaos engineering and how it can be used to proactively test systems and security controls. It notes that as systems increase in complexity, it becomes harder to fully understand their behavior. Security chaos engineering involves experimenting on systems to build confidence in their ability to withstand failures. Some key points made include:
- Conducting controlled experiments simulating security incidents to validate response plans and identify weaknesses
- Taking a proactive approach focused on learning rather than blame to improve security over time
- Using an open source tool called ChaoSlingr to automate security chaos experiments across distributed systems
DevOps aims to shorten feedback loops and allow teams to quickly iterate on changes and ship features. However, continuously deploying changes also introduces security risks that must be monitored. SecDevOps seeks to address this by continually monitoring the security implications of operational changes, improving security response times while still allowing for continuous deployment. Implementing continuous security through a SecDevOps methodology is an important challenge that companies need to solve in order to fully benefit from DevOps practices.
DevOps and security. There's still no standard or even agreed-upon name, but two things are clear: DevOps is here to stay, and security must speed up to keep pace with the speed of business; hence DevSecOps.
DevOps continues to be a buzzword in the software development and operations world, but is it really a paradigm shift? It depends on what lens you view it through.
Roman Garber, an active software security engineer and software team lead, thinks so. Ed Adams, Security Innovation CEO, a 20-year software quality veteran and former mechanical engineer, curmudgeonly disagrees.
This document discusses connecting pipelines across software delivery to address challenges from cloud adoption and increasing delivery speed. It identifies four "disconnects" that can disturb businesses: 1) CI/CD happening without visibility, 2) lack of tool integrations, 3) insufficient focus on security and operations, and 4) disconnect between business and IT delivery processes. The document advocates connecting CI/CD, tools, security/operations, and business/IT processes through approaches like integrating development tools into pipelines, embedding security checks in pipelines, and connecting business release planning to automated IT execution. This helps maximize the speed of business value delivery through DevOps and overcome challenges of scaling practices across large organizations.
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf - MobibizIndia1
DevSecOps is a development methodology that combines security measures at every stage of the software development lifecycle in order to provide reliable and secure systems. DevSecOps, in general, increases the benefits of a DevOps service.
Driving Business Innovation: Latest Generative AI Advancements & Success Story - Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
More Related Content
Similar to us-19-Shortridge-Forsgren-Controlled-Chaos-the-Inevitable-Marriage-of-DevOps-and-Security.pdf
1. The document discusses how security is changing with new technologies like cloud computing, DevOps, and agile development. Traditional security practices are no longer effective.
2. It advocates migrating security left in the development process so it is designed into applications from the beginning. This allows for a faster security feedback loop.
3. Security needs to be automated and tested using tools and data platforms. Monitoring and inspecting everything is important for the new dynamic environments. Security decisions and controls are also changing to adapt to these new realities.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOpsDevOps.com
The traditional way of handling security issues in DevOps involves security teams analyzing vulnerabilities and opening issues/tickets, with closing the loop on resolutions being difficult. This model is changing as the cost of fixing later-stage defects rises significantly. The shift is toward DevSecOps where responsibility for application security moves to development teams. Developers are integrating security tools earlier in the software development lifecycle (SDLC) to enable a more secure-by-design approach. Effective DevSecOps requires tools that fit seamlessly into developer workflows and prioritize actual vulnerabilities over non-issues. It also demands integrating security practices into DevOps processes through agile methodologies and automation.
This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.
This document discusses how DevOps practices can sometimes break traditional security and compliance practices, and proposes an approach called SecDevOps 2.0 to better integrate the two. It outlines how SecDevOps 2.0 would define policies, identities, and networks in a way that supports continuous delivery while maintaining security and compliance. Key elements include defining security policies in code, using machine identities at scale for access control, and implementing new tools like secrets as a service and software-defined firewalls. The overall goal is to make security controls more transparent and integrated with automation.
DevOps security (DevSecOps) is an extension of DevOps that integrates security practices into the software development lifecycle. It addresses challenges like securing privileged credentials and tools used in DevOps environments. DevSecOps works by implementing security policies as code, separating duties between developers and security teams, and integrating security checks into continuous integration/delivery pipelines. Automating security mechanisms and taking a proactive security approach are also important for DevSecOps.
The document discusses the importance of DevSecOps. It notes that existing security solutions are no longer adequate as software can now be distributed globally and created more cheaply in the cloud. DevSecOps aims to integrate security into development and operations by making security teams empower developers and help them succeed. It outlines how security tools and responsibilities have evolved from separate security testing to being integrated into product teams. The document argues DevSecOps is important because fixing defects early is cheaper than during production, and most modern applications use open source components which could contain vulnerabilities. It concludes security teams should empower product teams and help solve technology problems while product teams should be mindful of security.
Winnipeg ISACA Security is Dead, Rugged DevOpsGene Kim
This document summarizes a presentation given by Gene Kim on infosec and DevOps. It discusses research that found high performing IT organizations have fewer security issues and implement changes more successfully. The presentation introduces the concepts of Rugged software development and DevOps. It provides an overview of how to implement DevOps through systems thinking, amplifying feedback loops, and developing a culture of experimentation. Key aspects include integrating operations, security and development teams and processes. The goal is to reduce issues and improve flow to help the business.
Safely Removing the Last Roadblock to Continuous DeliverySeniorStoryteller
This document discusses how to implement DevSecOps practices to safely enable continuous delivery. It advocates shifting security left by integrating security practices into development workflows from design through deployment. This allows security issues to be identified and addressed early before they become costly problems. The document outlines DevSecOps staffing models and provides examples of how practices like automated security testing, secure baselines and templates, and monitoring can help operationalize security and reduce mean time to remediate issues from months to hours.
2016 - Safely Removing the Last Roadblock to Continuous Deliverydevopsdaysaustin
Presentation by Shannon Lietz
Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t?
Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.
Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t?
Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.
Automating security compliance for physical, virtual, cloud, and container en... - Lucy Huh Kerner
In this slide deck of my 2017 Red Hat Summit talk, you'll learn how to easily provision a security-compliant host and quickly detect and remediate security and compliance issues in physical, virtual, cloud, and container environments. We’ll discuss possible compliance challenges and show how a combination of Red Hat CloudForms, Red Hat Satellite, and Ansible Tower by Red Hat can help you quickly achieve compliance, automate security, and complete remediation. You’ll learn how you can integrate Red Hat CloudForms with Red Hat Satellite and Ansible Tower by Red Hat, as well as use the OpenSCAP integration in Red Hat Satellite, to perform audit scans and remediations at the push of a button on your systems and automate security to ensure compliance against various profiles, such as:
- The U.S. Government Configuration Baseline (USGCB).
- The Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG).
- The Centralized Supercomputing Facility (CSCF) baseline.
- The U.S. Government Commercial Cloud Services (C2S) baseline.
- The Certified Cloud and Service Provider (CCSP) baseline.
- Center for Internet Security (CIS) Benchmarks.
- The Payment Card Industry Data Security Standard (PCI DSS).
- Custom policies.
You'll also learn how you can use the control and policy engine in Red Hat CloudForms to detect and fix vulnerabilities, such as Shellshock, and learn how to do proactive security and automated risk management with Red Hat Insights.
To see the video replay of this talk, please visit: https://www.youtube.com/watch?v=8V1iDgOTWFA&t=1s
DevOpsSec: Applying DevOps Principles to Security, DevOpsDays Austin 2012 - Nick Galbreath
DevOpsSec applies DevOps principles like decentralization, shared resources, and transparency to security. It focuses on reducing the mean time to detect (MTTD) security issues and mean time to resolve (MTTR) them. Automating security testing and integrating it into continuous integration helps detect attacks and issues earlier. Treating security operations like other services improves culture.
This is a presentation I gave to 100+ people at Rev1 Ventures in Columbus, OH. The presentation was about how to define DevOps. Like any new concept, there are multiple and sometimes competing definitions. I've found that implementations of DevOps can change but there are some very common anti-patterns. Lastly, I talk about how we implement DevOps at Bold Penguin.
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019 - Aaron Rinehart
This document discusses security chaos engineering and how it can be used to proactively test systems and security controls. It notes that as systems increase in complexity, it becomes harder to fully understand their behavior. Security chaos engineering involves experimenting on systems to build confidence in their ability to withstand failures. Some key points made include:
- Conducting controlled experiments simulating security incidents to validate response plans and identify weaknesses
- Taking a proactive approach focused on learning rather than blame to improve security over time
- Using an open source tool called ChaoSlingr to automate security chaos experiments across distributed systems
DevOps aims to shorten feedback loops and allow teams to quickly iterate on changes and ship features. However, continuously deploying changes also introduces security risks that must be monitored. SecDevOps seeks to address this by continually monitoring the security implications of operational changes, improving security response times while still allowing for continuous deployment. Implementing continuous security through a SecDevOps methodology is an important challenge that companies need to solve in order to fully benefit from DevOps practices.
DevOps and security. There's still no standard or even agreed-upon name, but two things are clear: DevOps is here to stay, and security must speed up to keep pace with the speed of business; hence DevSecOps.
DevOps continues to be a buzzword in the software development and operations world, but is it really a paradigm shift? It depends on what lens you view it through.
Roman Garber, an active software security engineering and software team lead, thinks so. Ed Adams, Security Innovation CEO, a 20-year software quality veteran and former mechanical engineer, curmudgeonly disagrees.
This document discusses connecting pipelines across software delivery to address challenges from cloud adoption and increasing delivery speed. It identifies four "disconnects" that can disturb businesses: 1) CI/CD happening without visibility, 2) lack of tool integrations, 3) insufficient focus on security and operations, and 4) disconnect between business and IT delivery processes. The document advocates connecting CI/CD, tools, security/operations, and business/IT processes through approaches like integrating development tools into pipelines, embedding security checks in pipelines, and connecting business release planning to automated IT execution. This helps maximize the speed of business value delivery through DevOps and overcome challenges of scaling practices across large organizations.
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf - MobibizIndia1
DevSecOps is a development methodology that combines security measures at every stage of the software development lifecycle in order to provide reliable and secure systems. DevSecOps, in general, increases the benefits of a DevOps service.
23. Lead time for changes: How long does it take for committed code to successfully run in production?
24. Release frequency: How often is code deployed to production or released to end users?
25. Time to Recovery (TTR): How long does it take to restore service?
26. Change failure rate: What percentage of changes to production degrade service & require remediation?
27.

| | Elite | High | Medium | Low |
|---|---|---|---|---|
| Lead time for changes | < One day | 1 day - 1 week | 1 week – 1 month | 1 month – 6 months |
| Release frequency | On demand (>1 daily) | 1 per day – 1 per month | 1 per week – 1 per month | 1 per month – 1 per 6 months |
| Time to recovery | < 1 hour | < 1 day | < 1 day | 1 week – 1 month |
| Change failure rate | 0% – 15% | 0% – 15% | 0% – 15% | 46% – 60% |
28. The evidence: no tradeoff between better infosec & DevOps leetness