Marc Hornbeek
a.k.a. DevOps_the_Gray esq.
CEO and Principal Consultant
Engineering DevOps Consulting
Author – Engineering DevOps
mhornbeek@engineeringdevops.com
Continuous Security / DevSecOps
Evolving from Security-as-an-audit strategies to Lifecycle Security-as-code strategies
mybook.to/engineeringdevops
https://devops.com/9-pillars-of-continuous-security-best-practices/
Enterprise, Manufacturers, Service Providers and Institutions
DevOps / QA / DevSecOps / SRE
www.engineeringdevops.com
mhornbeek@engineeringdevops.com
Training and
Certifications
DevOps, DevSecOps QA, SRE
Assessments
DevOps, DevSecOps, QA, SRE
Strategic Planning
Agile plans for 26 topics
Speaking Engagements
Conferences, Events,
Onsite or Online
Advisory Services
Workshops, mentoring
Content Writing
Blogs, White papers, eBooks
Webinars
Content and delivery
Engineering DevOps Consulting
www.engineeringdevops.com
What You Will Learn
• What is Continuous Security / DevSecOps?
• Why is continuous security important to DevOps?
• How is security integrated into Continuous DevOps environments?
• What do you need to integrate continuous security?
• Typical Q&A
What is Continuous Security / DevSecOps?
Leadership
Culture
Design
Integration
Testing
Infrastructure
Monitoring
Deployment
What is Continuous Security / DevSecOps?
Continuous Security is security as an integral part of continuous delivery cultures, processes and value streams.
Integrating security practices into DevOps, such as Security as Code, is a way for security practitioners to operate and contribute value with less friction. Security practices must adapt dynamically to ensure data security and privacy issues are not left behind in the fast-paced world of DevOps.
Why is continuous security important to DevOps?
DevOps without DevSecOps generates security risks.
DevOps without DevSecOps is dangerous!
Like fusion energy: powerful, but dangerous if not controlled.
Acceleration of development and deployment without DevSecOps practices can result in unintended security risks (e.g., the OWASP Top 10):
- Designs without security considerations
- New attack surfaces: IoT, mobile, home offices
- Vulnerabilities embedded in code
- Credentials embedded in dev artifacts
- Additional infrastructure attack surfaces
- Poorly protected databases exposed to SQL injection
- Exposing sensitive data
- 3rd-party code – open source
- Software supply chain (e.g., SolarWinds)
- Inadequate logging and monitoring capabilities
Why is continuous security important to DevOps?
DevSecOps is an opportunity to integrate
security into the DevOps value stream.
• DevSecOps is a Holy Grail for cybersecurity
• Like fusion power, sophisticated controls are needed
• Change the security structure from an “expert governance role” to an “educated workforce supported by integrated technologies and practices”:
- Education and training
- Design with security practices
- Automated security scanning
- Automated testing
- End-to-end monitoring
- Immutable Infrastructure as Code practices
- Security Monkey
How is security integrated into Continuous DevOps
environments?
9 Pillars of DevSecOps practices
https://devops.com/9-pillars-of-continuous-security-best-practices/
How is security integrated into Continuous DevOps
environments?
Foundations
• Orchestration and automation of security tools and processes
• Governance through monitoring and “as-code” controls
9 Pillars
• Leadership: evangelist, sponsor, budget, behavior reinforcement
• Culture: education, empowerment, communication, collaboration
• Design: security design standards and practices
• Integration: security scanning, dependency tracking, source and image control
• Testing: security tests
• Monitoring: security logs and analysis
• Security as a pillar: security center of excellence
• Infrastructure: immutable infrastructure as code
• Delivery/Deployment: deployment strategies, quick detection and recovery
Arches
• Value streams make security visible end to end.
• Planning and operations based on continuous learning
• Releases gated with security metrics
• CI/CD security tools orchestration and automation
DevSecOps Practices
Continuous Security / DevSecOps Engineering Blueprint
DevSecOps provides an opportunity to reduce security risks if security is integrated into the continuous delivery pipeline according to good engineering practices.
How is security integrated into Continuous DevOps
environments?
Security instrumentation, automation and observability
SHIFT VERY LEFT IS THE KEY TO DEVSECOPS
• Top DevSecOps organizations focus on embedding security in the design and build stage of agile development.
• Revamp the security operation model:
  - Organization structure: from focus on security domains to product focus
  - Communication: from formal governance to embedded culture
  - Roles and responsibilities: from expert assessor to coaches and practitioners
  - Continuous improvement: from unconstructive KPIs to observable SLOs/SLIs
Center of Security Excellence Approach
1. Educate and empower others rather than policing compliance.
2. Automate security to help IT and the business achieve their agility goals.
3. Monitor exceptions rather than police non-compliance. Employ observability and SLO/SLI concepts.
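The deck describes releases gated with security metrics, governance through "as-code" controls, and monitoring exceptions rather than policing non-compliance. The following added example (not from the deck or its author) shows one way to express those ideas as code: scanner findings become SLIs, declared limits are the SLOs, and time-boxed exceptions are recorded for monitoring instead of silently hiding findings. All scan data, field names and exception entries are constructed assumptions, not any real scanner's schema.

```python
"""Security-as-code release gate: scan findings become SLIs, declared limits
are the SLOs, and approved exceptions are recorded for monitoring instead of
silently waiving findings.  Added example, not from the slide deck.
All sample data is constructed and the field names are assumptions."""
from dataclasses import dataclass, field
from datetime import date

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample of what a CI stage might collect from SAST, dependency
# and secret scanners for one release candidate (hypothetical schema).
SCAN_RESULTS = {
    "sast": [
        {"id": "SAST-17", "severity": "high", "rule": "sql-injection"},
        {"id": "SAST-22", "severity": "medium", "rule": "weak-hash"},
    ],
    "dependencies": [
        {"id": "DEP-3", "severity": "critical", "package": "example-lib", "fix_available": True},
        {"id": "DEP-9", "severity": "low", "package": "other-lib", "fix_available": False},
    ],
    "secrets": [
        {"id": "SEC-1", "severity": "critical", "path": "deploy/dev.env", "kind": "api-key"},
    ],
}

# SLOs as code: the maximum number of open findings allowed per severity.
# A severity not listed has no limit.  Embedded credentials are never tolerated.
POLICY = {
    "sast": {"critical": 0, "high": 0, "medium": 5},
    "dependencies": {"critical": 0, "high": 2},
    "secrets": {"critical": 0, "high": 0, "medium": 0, "low": 0},
}

# Categories where an exception can never be granted.
NON_EXCEPTABLE = {"secrets"}

# Approved, time-boxed exceptions (constructed).  Each names an owner and an
# expiry date; an expired exception is ignored, so the gate fails again.
EXCEPTIONS = [
    {"finding_id": "SAST-17", "owner": "team-payments", "expires": date(2030, 1, 1),
     "reason": "input validated upstream; fix scheduled"},
    {"finding_id": "DEP-3", "owner": "team-payments", "expires": date(2020, 1, 1),
     "reason": "waiting for upstream release"},
]

EVALUATION_DATE = date(2024, 6, 1)  # fixed so the sample evaluates the same every run


@dataclass
class GateDecision:
    passed: bool
    slis: dict                       # open findings per category and severity
    violations: list = field(default_factory=list)
    exceptions_applied: list = field(default_factory=list)


def active_exceptions(exceptions, today):
    """Index unexpired exceptions by finding id."""
    return {e["finding_id"]: e for e in exceptions if e["expires"] > today}


def compute_slis(scan_results, exceptions, today):
    """Count open findings per category and severity, net of active exceptions."""
    active = active_exceptions(exceptions, today)
    slis, applied = {}, []
    for category, findings in scan_results.items():
        counts = {sev: 0 for sev in SEVERITIES}
        for finding in findings:
            if category not in NON_EXCEPTABLE and finding["id"] in active:
                applied.append(finding["id"])   # recorded for monitoring, not hidden
                continue
            counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
        slis[category] = counts
    return slis, applied


def evaluate_gate(scan_results=SCAN_RESULTS, policy=POLICY,
                  exceptions=EXCEPTIONS, today=EVALUATION_DATE):
    """Compare SLIs with the SLO policy and decide whether the release may proceed."""
    slis, applied = compute_slis(scan_results, exceptions, today)
    violations = []
    for category, limits in policy.items():
        counts = slis.get(category, {})
        for severity, limit in limits.items():
            open_count = counts.get(severity, 0)
            if open_count > limit:
                violations.append(
                    f"{category}: {open_count} open {severity} finding(s), SLO allows {limit}")
    return GateDecision(passed=not violations, slis=slis,
                        violations=violations, exceptions_applied=applied)


if __name__ == "__main__":
    decision = evaluate_gate()
    print("RELEASE ALLOWED" if decision.passed else "RELEASE BLOCKED")
    for v in decision.violations:
        print("  violation:", v)
    for fid in decision.exceptions_applied:
        print("  exception applied (monitor):", fid)
```

With the constructed data the release is blocked: the expired DEP-3 exception no longer counts and the embedded credential cannot be excepted, while the active SAST-17 exception is reported so it stays visible to monitoring.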
Seven-Step Transformation Blueprint
1. Visioning
2. Alignment
3. Assessment
4. Solution
5. Realize
6. Operationalize
7. Expansion
What do you need to integrate continuous security?
Kickoff Meeting → Discovery Surveys → Solution Mapping Workshops & Interviews → Recommended Solution → Follow-up
Typical duration: 21 days
Rapid Strategic DevSecOps Assessment
DevOps Adoption Blueprint
Leadership / Culture Initiative:
• Adoption goals
• Leaders training
• Organization preparation
• Model project selection
• Investment (team & tools)
• Architecture team
• Monitoring and incentives
Model Application m:
• Team and organization
• Training (CI/CD practices)
• Goals, Assessment, Value Stream
• Tool chain with ARA backbone
• Automate CI and QA
• Automate CD, containers, G/B, A/B
• DevSecOps, SRE practices
• KPIs, SLOs and monitoring tools
• Site Reliability Engineering
• Optimize (Kaizen)
Application m + 1, Application m + 2, . . . Application m + n:
• App selection
• Self-contained product teams (squads, tribes, SREs)
• Proactive sharing of practices (Yokoten)
• Info sharing (Chapters and Guilds)
SCALE! Systematic, measured adoption progression (POC, MVP; 1st Way, 2nd Way, 3rd Way)
Scaling DevSecOps – Progressive Adoption Blueprint
The DevOps Progressive Adoption blueprint ensures all applications targeted for DevOps transformation
progress towards continuous improvement instead of stalling out.
Scaling DevOps to other applications across the enterprise will typically
occur nearly in parallel with the development of DevOps for the Model
application.
Success patterns learned from the model application are
communicated across the enterprise and applied to other applications
proactively in a way referred to as “Yokoten”. The priorities for
applications follow the same application selection criterion as the
model.
As DevOps scales to more and more applications across the enterprise,
more of the organization is restructured into tightly coupled product
teams while maintaining a culture of proactive cross-team sharing of
DevOps practices. Establishing cross-team Chapters and Guilds is a
good approach to facilitate sharing and communication.
Summary / Takeaways
Continuous security/DevSecOps is at once a transformation challenge and an opportunity for dramatic security improvement.
There is no “standard” DevSecOps approach in the industry.
The Continuous Security approach based on the Continuous Security Blueprint, 9 Pillars Assessment, Seven-Step Transformation Blueprint and Progressive Adoption Blueprint is a proven, progressive and adaptable approach.
Refer to www.engineeringdevops.com for more information regarding the Continuous Security/DevSecOps approach.
Discussion Questions
What % of organizations are embracing continuous security?
QA (10%) – DevOps (70%) – DevSecOps (?) – SRE/Security (?)
World Software Quality
2020 Upskilling Report – DevOps Institute:
• 42% project level
• 23% enterprise level
• 16% planning
• 81% overall
• Of those, 52% state SECURITY SKILLS ARE MUST-HAVE
What are some myths and realities for continuous security?
Myth: tools and automation alone are the answer.
Reality: leadership, culture, training, automation, observability.
Myth: adopting DevSecOps means giving up control.
Reality: Security as Code (SAC) improves governance and compliance with security standards through automation.
What are impediments to implementing continuous security?
Need to establish a Center of Security Excellence approach:
1. Strategy alignment
2. Culture: educate and empower others rather than policing compliance.
3. Tools and automation: strategy, selection and work
4. Monitor exceptions rather than police non-compliance. Employ observability and SLO/SLI concepts.
How can you determine a roadmap to continuous security?
There is no one way or standard.
What has proven to work:
• Seven-Step Transformation Blueprint, starting with strategy alignment
• Strategic Progressive Adoption Blueprint
How will emerging technologies affect continuous security?
• New attack surfaces: work from home, IoT, 5G access networks
• Supply chain: open source and 3rd party
• DevSecOps embedded into applications, pipelines and infrastructure
• Cloud-native, containers, microservices
• DevSecOps as a service
• AI/ML to help improve scans and observability and determine best actions
DevOps / DevSecOps / SRE Tools: blueprints, scorecards, engineering practices, assessment tool, calculators, templates
DevOps / DevSecOps / SRE Services: assessments, strategic planning, training, content
DevOps / DevSecOps / SRE White Papers & Book
www.EngineeringDevOps.com
Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...
Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...
Journal of Soft Computing in Civil Engineering
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
Data Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptxData Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptx
RushaliDeshmukh2
 
Introduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptxIntroduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptx
AS1920
 
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxExplainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
MahaveerVPandit
 
International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)
samueljackson3773
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
Metal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistryMetal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistry
mee23nu
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist
Degree_of_Automation.pdf for Instrumentation and industrial specialist
shreyabhosale19
 
AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)
Vəhid Gəruslu
 
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITYADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ijscai
 
DSP and MV the Color image processing.ppt
DSP and MV the  Color image processing.pptDSP and MV the  Color image processing.ppt
DSP and MV the Color image processing.ppt
HafizAhamed8
 
15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...
IJCSES Journal
 
Smart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineeringSmart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineering
rushikeshnavghare94
 
IntroSlides-April-BuildWithAI-VertexAI.pdf
IntroSlides-April-BuildWithAI-VertexAI.pdfIntroSlides-April-BuildWithAI-VertexAI.pdf
IntroSlides-April-BuildWithAI-VertexAI.pdf
Luiz Carneiro
 
Introduction to FLUID MECHANICS & KINEMATICS
Introduction to FLUID MECHANICS &  KINEMATICSIntroduction to FLUID MECHANICS &  KINEMATICS
Introduction to FLUID MECHANICS & KINEMATICS
narayanaswamygdas
 
new ppt artificial intelligence historyyy
new ppt artificial intelligence historyyynew ppt artificial intelligence historyyy
new ppt artificial intelligence historyyy
PianoPianist
 
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptxLidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
RishavKumar530754
 
DT REPORT by Tech titan GROUP to introduce the subject design Thinking
DT REPORT by Tech titan GROUP to introduce the subject design ThinkingDT REPORT by Tech titan GROUP to introduce the subject design Thinking
DT REPORT by Tech titan GROUP to introduce the subject design Thinking
DhruvChotaliya2
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
Data Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptxData Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptx
RushaliDeshmukh2
 
Introduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptxIntroduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptx
AS1920
 
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxExplainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
MahaveerVPandit
 
International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)
samueljackson3773
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
Metal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistryMetal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistry
mee23nu
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist
Degree_of_Automation.pdf for Instrumentation and industrial specialist
shreyabhosale19
 
AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)
Vəhid Gəruslu
 
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITYADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ijscai
 

Continuous Security / DevSecOps- Why How and What

  • 1. Marc Hornbeek, a.k.a. DevOps_the_Gray esq., CEO and Principal Consultant, Engineering DevOps Consulting. Author – Engineering DevOps. mhornbeek@engineeringdevops.com. Continuous Security / DevSecOps: Evolving from Security-as-an-audit strategies to Lifecycle Security-as-code strategies. mybook.to/engineeringdevops. https://devops.com/9-pillars-of-continuous-security-best-practices/
  • 2. Engineering DevOps Consulting. Enterprise, Manufacturers, Service Providers and Institutions. DevOps / QA / DevSecOps / SRE. www.engineeringdevops.com, mhornbeek@engineeringdevops.com
    - Training and Certifications: DevOps, DevSecOps, QA, SRE
    - Assessments: DevOps, DevSecOps, QA, SRE
    - Strategic Planning: Agile plans for 26 topics
    - Speaking Engagements: Conferences, Events, Onsite or Online
    - Advisory Services: Workshops, mentoring
    - Content Writing: Blogs, White papers, eBooks
    - Webinars: Content and delivery
  • 3. What You Will Learn (www.engineeringdevops.com)
    - What is Continuous Security / DevSecOps?
    - Why is continuous security important to DevOps?
    - How is security integrated into Continuous DevOps environments?
    - What do you need to integrate continuous security?
    - Typical Q&A
  • 4. What is Continuous Security / DevSecOps? Pillars shown: Leadership, Culture, Design, Integration, Testing, Infrastructure, Monitoring, Deployment.
  • 5. What is Continuous Security / DevSecOps? Continuous Security as an integral part of continuous delivery cultures, processes and value streams. Integrating security practices into DevOps, such as Security as Code, is a way for security practitioners to operate and contribute value with less friction. Security practices must adapt dynamically to ensure data security and privacy issues are not left behind in the fast-paced world of DevOps.
  • 6. Why is continuous security important to DevOps? DevOps without DevSecOps generates security risks.
  • 7. Why is continuous security important to DevOps? DevOps without DevSecOps generates security risks. DevOps without DevSecOps is dangerous! Like fusion energy: powerful, but dangerous if not controlled. Acceleration of development and deployment without DevSecOps practices can result in unintended security risks (e.g. the OWASP Top 10):
    - Designs without security considerations
    - New attack surfaces: IoT, mobile, home offices
    - Vulnerabilities embedded in code
    - Credentials embedded in dev artifacts
    - Additional infrastructure attack surfaces
    - Database compromise through SQL injection
    - Exposing sensitive data
    - 3rd party code – open source
    - Software supply chain (e.g., SolarWinds)
    - Inadequate logging and monitoring capabilities
  • 8. Why is continuous security important to DevOps? DevSecOps is an opportunity to integrate security into the DevOps value stream.
  • 9. Why is continuous security important to DevOps? DevSecOps is an opportunity to integrate security into the DevOps value stream.
    - DevSecOps is a Holy Grail for cybersecurity
    - Like fusion power, sophisticated controls are needed
    - Change the security structure from an "expert governance role" to an "educated workforce supported by integrated technologies and practices": education and training; design with security practices; automated security scanning; automated testing; end-to-end monitoring; immutable infrastructure-as-code practices; Security Monkey.
  • 10. How is security integrated into Continuous DevOps environments? 9 Pillars of DevSecOps practices: https://devops.com/9-pillars-of-continuous-security-best-practices/
  • 11. How is security integrated into Continuous DevOps environments? DevSecOps Practices.
    Foundations:
    - Orchestration and automation of security tools and processes
    - Governance through monitoring and "as-code" controls
    9 Pillars:
    - Leadership: Evangelist, sponsor, budget, behavior reinforcement
    - Culture: Education, empowerment, communication, collaboration
    - Design: Security design standards and practices
    - Integration: Security scanning, dependency tracking, source and image control
    - Testing: Security tests
    - Monitoring: Security logs and analysis
    - Security as a pillar: Security center of excellence
    - Infrastructure: Immutable infrastructure as code
    - Delivery/Deployment: Deployment strategies, quick detection and recovery
    Arches:
    - Value streams make security visible end to end
    - Planning and operations based on continuous learning
    - Releases gated with security metrics
    - CI/CD security tools orchestration and automation
  • 12. Continuous Security / DevSecOps Engineering Blueprint. DevSecOps provides an opportunity to reduce security risks if security is integrated into the continuous delivery pipeline according to good engineering practices.
  • 13. How is security integrated into Continuous DevOps environments? Security instrumentation, automation and observability.
  • 14. How is security integrated into Continuous DevOps environments? Security instrumentation, automation and observability. SHIFT VERY LEFT IS THE KEY TO DEVSECOPS.
    - Top DevSecOps organizations focus on embedding security in the design and build stage of agile development.
    - Revamp the security operating model:
      - Organization structure: from focus on security domains to product focus
      - Communication: from formal governance to embedded culture
      - Roles and responsibilities: from expert assessor to coaches and practitioners
      - Continuous improvement: from unconstructive KPIs to observable SLOs/SLIs
    Center of Security Excellence approach:
    1. Educate and empower others rather than policing compliance.
    2. Automate security to help IT and the business achieve their agility goals.
    3. Monitor exceptions rather than police non-compliance. Employ observability and SLO/SLI concepts.
  • 15. What do you need to integrate continuous security? Seven-Step Transformation Blueprint: 1. Visioning 2. Alignment 3. Assessment 4. Solution 5. Realize 6. Operationalize 7. Expansion. Rapid Strategic DevSecOps Assessment: Kickoff Meeting, Discovery Surveys, Solution Mapping Workshops & Interviews, Recommended Solution, Follow-up. Typical duration: 21 days.
  • 16. Scaling DevSecOps – Progressive Adoption Blueprint (DevOps Adoption Blueprint). Systematic, measured adoption progression; SCALE! Stages shown: Initiative, POC, MVP, 1st Way, 2nd Way, 3rd Way.
    Leadership / Culture: adoption goals; leaders training; organization preparation; model project selection; investment (team & tools); architecture team; monitoring and incentives.
    Model Application m: team and organization; training (CI/CD practices); goals, assessment, value stream; tool chain with ARA backbone; automate CI and QA automation; automate CD, containers, G/B, A/B; DevSecOps, SRE practices; KPIs, SLOs and monitoring tools; Site Reliability Engineering; optimize (Kaizen).
    Application m + 1, m + 2 ... m + n: app selection; self-contained product teams (squads, tribes, SREs); proactive sharing of practices (Yokoten); info sharing (Chapters and Guilds).
  • 17. Scaling DevSecOps – Progressive Adoption Blueprint. The DevOps Progressive Adoption Blueprint ensures that all applications targeted for DevOps transformation progress towards continuous improvement instead of stalling out. Scaling DevOps to other applications across the enterprise will typically occur nearly in parallel with the development of DevOps for the model application. Success patterns learned from the model application are communicated across the enterprise and applied to other applications proactively, in a way referred to as "Yokoten". The priorities for applications follow the same application selection criteria as the model. As DevOps scales to more and more applications across the enterprise, more of the organization is restructured into tightly coupled product teams while maintaining a culture of proactive cross-team sharing of DevOps practices. Establishing cross-team Chapters and Guilds is a good approach to facilitate sharing and communication.
  • 18. Summary / Takeaways. Continuous security/DevSecOps is at once a transformation challenge and an opportunity for dramatic security improvement. There is no "standard" DevSecOps approach in the industry. The Continuous Security approach based on the Continuous Security Blueprint, 9 Pillars Assessment, Seven-Step Transformation Blueprint and Progressive Adoption Blueprint is a proven, progressive and adaptable approach. Refer to www.engineeringdevops.com for more information regarding the Continuous Security / DevSecOps approach.
  • 19. Discussion Questions. What % of organizations are embracing continuous security? QA (10%) – DevOps (70%) – DevSecOps (?) – SRE/Security (?). World Software Quality 2020 Upskilling Report – DevOps Institute: 42% project level, 23% enterprise level, 16% planning, 81% overall. Of those, 52% state SECURITY SKILLS ARE MUST-HAVE.
  • 20. What are some myths and realities for continuous security? Myth: tools and automation alone are the answer. Reality: leadership, culture, training, automation, observability. Myth: adopting DevSecOps means giving up control. Reality: Security as Code (SAC) improves governance and compliance to security standards through automation.
  • 21. What are impediments to implementing continuous security? Need to establish a Center of Security Excellence approach: 1. Strategy alignment. 2. Culture: educate and empower others rather than policing compliance. 3. Tools and automation: strategy, selection and work. 4. Monitor exceptions rather than police non-compliance; employ observability and SLO/SLI concepts.
  • 22. How can you determine a roadmap to continuous security? There is no one way or standard. What has proven to work: the Seven-Step Transformation Blueprint, starting with strategy alignment, and the Strategic Progressive Adoption Blueprint.
  • 23. How will emerging technologies affect continuous security?
    - New attack surfaces: work from home, IoT, 5G access networks
    - Supply chain: open source and 3rd party
    - DevSecOps embedded into applications, pipelines and infrastructure
    - Cloud-native, containers, microservices
    - DevSecOps as a service
    - AI/ML to help improve scans, observability and determine best actions
  • 24. DevOps / DevSecOps / SRE Tools: Blueprints, Scorecards, Engineering Practices, Assessment tool, calculators, templates. DevOps / DevSecOps / SRE Services: Assessments, Strategic Planning, Training, Content. DevOps / DevSecOps / SRE White Papers & Book. www.EngineeringDevOps.com
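Slides 7, 9 and 11 name the risks and controls without showing what "security as code" looks like in a pipeline. The following is an added example, not code from the deck or from Engineering DevOps Consulting: a small release gate that scans checked-out artifacts for embedded credentials (the slide 7 risk) and compares a vulnerability-scan roll-up against a versioned policy (the "releases gated with security metrics" arch on slide 11). Everything in it is constructed for illustration: the artifact contents, the fake access-key value, the scanner report shape, the credential patterns and the policy thresholds are all assumptions, not output of any real tool.

```python
"""Release gate as code: added example, not from the slide deck.

Scans constructed dev artifacts for credential-like strings and gates
the release on a constructed vulnerability-scan summary. Patterns, file
contents, report format and thresholds are assumptions for illustration.
"""
import json
import re
import sys
from dataclasses import dataclass, field

# Credential patterns (assumed, deliberately small). Real secret scanners
# carry far larger rule sets; these three show the mechanism.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "generic_password_assignment": re.compile(
        r"""(?i)\b(password|passwd|secret|api[_-]?key)\s*[=:]\s*['"]?([^\s'"]{8,})"""),
}

# Constructed sample artifacts, as a CI job would see them after checkout.
# The access key is a fake value built for this example.
ARTIFACTS = {
    "app/config.py": "DB_HOST = 'db.internal'\nPASSWORD = 'correct-horse-battery'\n",
    "deploy/.env.example": "AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY0000AB\n",
    "Dockerfile": "FROM python:3.12-slim\nCOPY . /app\nUSER 10001\n",
}

# Constructed scan roll-ups shaped like a severity summary a pipeline
# might read from an SCA or image scanner (format assumed).
SCAN_SUMMARY_JSON = json.dumps({
    "component": "payments-api",
    "findings": [
        {"id": "FINDING-001", "severity": "CRITICAL", "fixed_version": "2.4.1"},
        {"id": "FINDING-002", "severity": "HIGH", "fixed_version": None},
        {"id": "FINDING-003", "severity": "MEDIUM", "fixed_version": "1.0.9"},
        {"id": "FINDING-004", "severity": "LOW", "fixed_version": None},
    ],
})
CLEAN_SCAN_JSON = json.dumps({"component": "payments-api", "findings": []})

# Gate policy as code: assumed thresholds, versioned next to the pipeline.
POLICY = {
    "max_findings": {"CRITICAL": 0, "HIGH": 2, "MEDIUM": 10},
    "allow_embedded_credentials": False,
}


@dataclass
class GateResult:
    passed: bool
    reasons: list = field(default_factory=list)
    secret_findings: list = field(default_factory=list)
    severity_counts: dict = field(default_factory=dict)


def scan_for_secrets(artifacts):
    """Return (path, rule_name, line_no) for every credential-like match."""
    hits = []
    for path, text in artifacts.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    hits.append((path, rule, line_no))
    return hits


def summarize_severities(scan_json):
    """Count findings per severity from the scanner's JSON report."""
    counts = {}
    for finding in json.loads(scan_json)["findings"]:
        counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    return counts


def evaluate_gate(artifacts, scan_json, policy):
    """Apply the policy; any violated control fails the release."""
    result = GateResult(passed=True)
    result.secret_findings = scan_for_secrets(artifacts)
    if result.secret_findings and not policy["allow_embedded_credentials"]:
        result.passed = False
        for path, rule, line_no in result.secret_findings:
            result.reasons.append(f"embedded credential ({rule}) in {path}:{line_no}")
    result.severity_counts = summarize_severities(scan_json)
    for severity, limit in policy["max_findings"].items():
        count = result.severity_counts.get(severity, 0)
        if count > limit:
            result.passed = False
            result.reasons.append(f"{count} {severity} finding(s) exceed limit {limit}")
    return result


if __name__ == "__main__":
    # CI usage: a non-zero exit blocks the deployment stage.
    gate = evaluate_gate(ARTIFACTS, SCAN_SUMMARY_JSON, POLICY)
    print("RELEASE GATE:", "PASS" if gate.passed else "FAIL")
    for reason in gate.reasons:
        print(" -", reason)
    sys.exit(0 if gate.passed else 1)
```

Run against the constructed inputs the gate fails on three counts: the hard-coded password in `app/config.py`, the access-key-shaped string in `deploy/.env.example`, and one CRITICAL finding against a policy that allows none. The point of keeping the policy in a data structure rather than in pipeline logic is the slide 20 "reality": the thresholds become a reviewable, versioned artifact, so governance is exercised through automation instead of a manual audit at the end.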