DevSecOps: Is it a Good Thing?

www.ranger4.com optimising the flow from idea to value realisation DevSecOps: Is it a Good Thing? Helen Beal DevOpsologist

Upload: ranger4-limited

Post on 21-Jan-2018


TRANSCRIPT

Page 1: DevSecOps: Is it a Good Thing?

www.ranger4.com optimising the flow from idea to value realisation

DevSecOps: Is it a Good Thing?

Helen Beal

DevOpsologist

Page 2: DevSecOps: Is it a Good Thing?

Agenda

• What is DevSecOps?

• Why is it a bad thing?

• Why is it a good thing?

• Will DevSecOps last forever?

• Things that you can do next

Page 3: DevSecOps: Is it a Good Thing?

What is DevSecOps?

Page 4: DevSecOps: Is it a Good Thing?

Is Security an Afterthought?

Page 5: DevSecOps: Is it a Good Thing?

The Parts Unlimited Team

Lead Engineer

Page 6: DevSecOps: Is it a Good Thing?

Leaning in over Always Saying “No”

Data & Security Science over Fear, Uncertainty and Doubt

Open Contribution & Collaboration over Security-Only Requirements

Consumable Security Services with APIs over Mandated Security Controls & Paperwork

Business Driven Security Scores over Rubber Stamp Security

Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities

24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident

Shared Threat Intelligence over Keeping Info to Ourselves

Compliance Operations over Clipboards & Checklists

Page 7: DevSecOps: Is it a Good Thing?

Page 8: DevSecOps: Is it a Good Thing?

Why is DevSecOps a Bad Thing?

Page 9: DevSecOps: Is it a Good Thing?

Page 10: DevSecOps: Is it a Good Thing?

Why is DevSecOps a Good Thing?

Page 11: DevSecOps: Is it a Good Thing?

“One way to enable market-oriented outcomes is for Operations to create a set of centralized platforms and tooling services that any Dev team can use to become more productive… a platform that provides a shared version control repository with pre-blessed security libraries, a deployment pipeline that automatically runs code quality and security scanning tools, which deploys our applications into known, good environments that already have production monitoring tools installed on them.”

The DevOps Handbook

Page 12: DevSecOps: Is it a Good Thing?

Will DevSecOps last forever?

Page 13: DevSecOps: Is it a Good Thing?

Things that you can do next

Page 14: DevSecOps: Is it a Good Thing?

Things That You Can Do Next

• Get a free scan and report on your open source component vulnerabilities

• Book on a DevSecOps Engineering course (Public Schedule Feb 21/22 2018)

• Sit the DevOps Foundation Course as a prerequisite for DSOE – public schedule December 13/14 2017

• Sign up for All Day DevOps! – I’ll be talking about DevSecOps and the DevOps Superpattern

Page 15: DevSecOps: Is it a Good Thing?

Be DevOpstastic