Download as PDF, PPTX
Uploaded byDevSecOps Days
Zero to Ninety in Securing DevOps
The document outlines strategies for integrating DevSecOps effectively within organizations, emphasizing the importance of relationships, maturity assessment, and a culture of security. It highlights the need for defined processes, checklists, and metrics to measure success while navigating the transition from DevOps to DevSecOps. The author, J. Wolfgang Goerlich, stresses the significance of collaboration and communication to achieve security as a product throughout the development lifecycle.
More Related Content
Similar to Zero to Ninety in Securing DevOps
![[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...](https://cdn.slidesharecdn.com/ss_thumbnails/ai-aifortheunderdogsinnovationforsmallbusinesses-251124030839-72a599a4-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...](https://cdn.slidesharecdn.com/ss_thumbnails/fs-phpinaiagethelaravelway-251125012602-ef9d330e-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...](https://cdn.slidesharecdn.com/ss_thumbnails/fs-agenticaiarchitectureredefiningsystemcommunication-251124030838-e6c70cc2-thumbnail.jpg?width=640&height=640&fit=bounds)
Zero to Ninety in Securing DevOps
- 1. Zero to Ninetyin Securing DevOps J Wolfgang Goerlich VP Strategic Programs, CBI
- 2.
- 3. Developers Security It takestwo years for technology to go from builders to breakers.
- 5.
- 7.
- 8.
- 9. Are we reallydoing DevOps? Really?
- 10. Ad Hoc Defined Optimized Ad Hoc Defined Optimized DevOps Whatare our levels of maturity?
- 11. What is theCI/CD pipeline? Wait … pipelines?
- 12.
- 13. Wins • Directory ofpeople • Inventory of DevOps’d apps • Inventory of CI/CD pipelines • Stay alive (task and stress management)
- 14.
- 15.
- 16.
- 17. Assess. Don’t audit. (No onelikes auditors)
- 18.
- 19. Hug a Checklist •NIST SP 800-64 Development Lifecycle • NIST SP 800-190 Container Security • ISO 27002 (Yeah, I know) • ISO 27034 Application Security • CSA Guidance 4.0 Application Security • BSIMM, SAMM Maturity
- 20. And the mostimportant checklist of them all … the one from the Customers.
- 21.
- 22.
- 23. Wins • Find achampion Advisory council • Find a pilot pipeline Business case • Define a maturity model Security backlog • Still alive (task and stress management)
- 24.
- 25.
- 26.
- 27. Create a cultureof quality and security one line of code at a time
- 28.
- 30. Security as aProduct
- 31. Security as aProduct • Features: Security Requirements • Process: Borrow from DevOps • Experience: Borrow from UXD Apply industrial design principles and DevOps methods to build our product
- 32. Wins • Innovators andadopters Advisory council • Pipeline security feature Business case • Communicate roadmap Security backlog • Alive! So alive. And kicking!
- 33.
- 34. DevSecOps Learn Assess Plan Follow the Money Builda Backlog Define Success Implement, Iterate
- 35. J Wolfgang Goerlich VPStrategic Programs, CBI @jwgoerlich https://jwgoerlich.com Thank you.