How DevOps becomes DevOpsSec
TRANSCRIPT
@codesoda Software Engineering + Microelectronics
Enterprise engineering teams < Startup guy. Bridging development and security practices.
Things we’ll cover
• DevOps as a double-edged sword
• How to introduce DevOpsSec
• Decreasing friction between teams
• Accelerating your ROI
Dev, Ops and Sec teams have different goals
• Devs: build all the things
• Ops: don’t break anything
• Sec: break everything
DevOps → rapid changes → moar bugs/vulns, faster
Feedback Loops are essential
Move fast and break things
Security Responsibilities
• Continue to automate: code style/quality reviews, static security analysis
• Abuse cases (malicious user stories)
• Protect sales/marketing and admin staff from phishing
• Monitor/scan server infrastructure
• Review 500*dev code for the …day!
Make better decisions: aggregate vuln data (which types of issues, in which parts, of which applications)
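The "aggregate vuln data" point above is easy to state and rarely done. As an added example (not from the talk), here is a small Python script that takes scanner or bug-tracker findings and answers the three questions the slide asks: which issue types recur, in which components, of which applications. The findings, app names, components and severity weights are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample findings, shaped like a SAST/DAST export or a bug-tracker query.
# Apps, components and categories are invented for this example.
FINDINGS = [
    {"app": "shop",  "component": "checkout", "category": "sqli",  "severity": "high"},
    {"app": "shop",  "component": "checkout", "category": "xss",   "severity": "medium"},
    {"app": "shop",  "component": "search",   "category": "xss",   "severity": "medium"},
    {"app": "shop",  "component": "checkout", "category": "sqli",  "severity": "high"},
    {"app": "admin", "component": "login",    "category": "csrf",  "severity": "medium"},
    {"app": "admin", "component": "reports",  "category": "xss",   "severity": "low"},
    {"app": "api",   "component": "auth",     "category": "authz", "severity": "critical"},
]

# Assumed weights; pick whatever matches your own risk rating scheme.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}


def count_by(findings, *keys):
    """Count findings grouped by the given field names, e.g. count_by(f, "app", "category")."""
    return Counter(tuple(f[k] for k in keys) for f in findings)


def risk_by_component(findings):
    """Severity-weighted score per (app, component): shows where risk concentrates."""
    score = defaultdict(int)
    for f in findings:
        score[(f["app"], f["component"])] += SEVERITY_WEIGHT[f["severity"]]
    return dict(score)


def hotspots(findings, n=3):
    """Top n (app, component) pairs by weighted risk, highest first (ties broken by name)."""
    ranked = sorted(risk_by_component(findings).items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


def recurring_issue_types(findings, min_count=2):
    """Categories seen at least min_count times: candidates for a lint rule or a training session."""
    return {cat: c for (cat,), c in count_by(findings, "category").items() if c >= min_count}


if __name__ == "__main__":
    print("by app/category:", dict(count_by(FINDINGS, "app", "category")))
    print("hotspots:", hotspots(FINDINGS))
    print("recurring issue types:", recurring_issue_types(FINDINGS))
```

Run it on a real export and the output tells you where mentoring time pays off (a component with repeated SQLi findings) versus where a one-off fix is enough (a single critical authz bug in one service).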
Less chest poking, more mentoring + learning
Moar automation
• Reproducible & testable production server configurations
• App log monitoring
• Security config monitoring
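"Testable server configurations" and "security config monitoring" in the list above come down to the same mechanism: a baseline you can assert against. As an added example (not part of the talk), the following Python checks a captured `sshd_config` against an expected baseline and reports drift. The config text is a constructed sample with two settings deliberately off-baseline, and the baseline values are this example's assumptions rather than a universal standard.

```python
import re

# Constructed sample of an sshd_config as pulled from a production host.
# PermitRootLogin and PasswordAuthentication deliberately drift from the baseline below.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication no
X11Forwarding no
MaxAuthTries 4
"""

# Assumed baseline: what every production host is expected to have.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}

_KEYWORD_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s+(.+?)\s*$")


def parse_config(text):
    """Parse 'Keyword value' lines into a dict keyed by lower-cased keyword.

    Blank lines and lines starting with '#' are ignored. sshd keywords are
    case-insensitive and the first occurrence of a keyword wins, so we keep
    the first value seen and drop later duplicates.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _KEYWORD_LINE.match(line)
        if not m:
            continue  # not a keyword/value pair; ignore rather than guess
        key, value = m.group(1).lower(), m.group(2)
        settings.setdefault(key, value)
    return settings


def check_drift(config_text, baseline):
    """Return [(keyword, expected, actual)] for each baseline entry that does not match.

    actual is None when the keyword is absent, meaning the daemon default applies;
    that is treated as drift because the default may not be what you assume.
    """
    settings = parse_config(config_text)
    drift = []
    for key, expected in baseline.items():
        actual = settings.get(key.lower())
        if actual is None or actual.lower() != expected.lower():
            drift.append((key, expected, actual))
    return drift


def is_compliant(config_text, baseline):
    """True when no baseline setting drifts; suitable as a CI or monitoring check."""
    return not check_drift(config_text, baseline)


if __name__ == "__main__":
    for key, expected, actual in check_drift(SAMPLE_SSHD_CONFIG, BASELINE):
        print(f"DRIFT {key}: expected {expected!r}, got {actual!r}")
    print("compliant:", is_compliant(SAMPLE_SSHD_CONFIG, BASELINE))
```

The same shape works for any "keyword value" config: run the check from the configuration pipeline (fail the build on drift) and again from monitoring (alert on drift), so a hand edit on a live host is caught rather than silently kept.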
Summary
• Small steps mean easy wins
• Developers have to care about code
• Security is a process, not a product
• Don’t wait for a fire to hire fire fighters
• Crowd sourcing can augment your team