Slides: The Security Challenge: KPN's Practical Approach

Post on 22-Jan-2018

Category:

Software


The Security Challenge:

KPN's Practical Approach

for (IT) managers

Xebia Security

Who am I

Dave van Stein

dvanstein@xebia.com

@Dave_von_S

nl.linkedin.com/in/dvstein

KPN

Largest Telecom and IT operator in NL

Consumer, Business, Corporate markets

Several international brands

18,000 employees, 500M€ profit

KPN Online

Most internet facing applications and apps

Open environment (www.kpn.com)

Selfcare environments (mobile & desktop)

Consumer and small business webshop

-2013: project based

Security requirements

Penetration test

Afterfix

Afterfix 2

Retest

2014: Agile transformation

Security & Agile?

Changing Responsibilities

Integrate security expertise

Split and simplify policies

Standardized Architecture

Security in SDLC

Threat modeling by design

Compliant Operation

Story

Code

Platform

Application

Operations

Apply best practices

SecDevOps: summary

Align Dev, Sec, Bus, and Ops

Standardize and simplify

Automate, automate, automate

Know your value

Attack yourself

Learn, teach and train

SecDevOps: more info

devsecops.org - “Secure Agile Manifesto”

Forrester - “The Seven Habits of Rugged Devops”

Event.io - “Ten Ways to Develop a Rugged DevOps Approach”

Just do it

Thank you, Q&A