Getting Security in the Loop: Building Balanced Teams

Oct 4, 20210 likes366 views

DevOps Loop at VMworld Session Title: Getting Security in the Loop: Building Balanced Teams Speaker: David Zendzian, VMware Tanzu Global Field CISO, VMware

Confidential │ ©2021 VMware, Inc.
David M. Zendzian (dmz) @dmz006
Global Field CISO, VMware Tanzu
Getting Security in the Loop:
Building Balanced Teams

Confidential │ ©2021VMware,Inc. 2
DevSecOps is the new DevOps is the new Dev is the new …

Confidential │ ©2021VMware,Inc. 3
We can never fully succeed alone: Bridging the DevSecOps Divide
“Organizations expect
developers to be more
involved with security
tasks in the future,
particularly among cloud
and workload tasks.
However, developers
currently aren’t very
involved in security
strategy planning or
execution”
It is important for security
and development teams to
work together so that
development teams are
clear which policies to
comply with and which
tools are approved.

Confidential │ ©2021VMware,Inc. 4
Well balanced teams require many different skills
Product Manager
Product Designer
Product Engineer
Security
Support
Marketing
Sales

Confidential │ ©2021VMware,Inc. 5
Teams need to empathize and adopt
DevOps and SRE are all new to security teams
Involve developers /
security in planning
early and often
Security needs to
learn language of
development team
Share KPIs and
increase
communication to
improve relationships
Automate security –
devops is new to
security world

Confidential │ ©2021VMware,Inc. 6
All great journeys are full of challenges
Plan for the entire journey, not just the first hill you cross
Shiftingsecurity left
without providing
context or support will
not succeed
Incentivize the team
toward the goals–
solvingproduct
problem, security,
speed and features
Great things happen
with a heterogeneous
team with different
skills

Confidential │ ©2021VMware,Inc. 7
A well-balanced team isn’t afraid of the challenge

Confidential │ ©2021VMware,Inc. 8
Successful teams are teams that work together

Confidential │ ©2021VMware,Inc.
Thank You
Please email any questions to dzendzian@vmware.com

The document provides an overview of updates to the Pivotal Platform in January 2020. Key updates include: - PAS 2.8 includes improved developer productivity features like sidecar container support and enhanced CPU metrics. - Apps Manager 2.8 integrates more closely with Spring Cloud Config Server and displays org quota information. - Steeltoe 2.4 supports .NET Core 3.0 and the Steeltoe CLI helps improve dev and prod parity. - Ops Manager 2.8 allows for more modular upgrades, optional tile dependencies, and auto-imports tiles. It also installs system metrics by default. - PKS 1.6, RabbitMQ 1.18, and other services

Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021VMware Tanzu

This document discusses achieving DevSecOps outcomes with Tanzu Advanced. It outlines how Tanzu Advanced provides capabilities across the DevSecOps lifecycle, including development environments, continuous integration/delivery, container packaging, a validated catalog of images, Kubernetes deployment and operations, connectivity and observability. It notes how Tanzu Advanced enables securing containers and applications, accelerating developer velocity, and simplifying multi-cloud operations.

What Is Spring?VMware Tanzu

Spring is an open source integration framework for Java applications. It began in 2002 as an alternative to EJB and has since expanded into a full application development framework. It provides core features like inversion of control (IoC) and dependency injection (DI) and supports various web frameworks, data access technologies, messaging, and cloud technologies. The Spring community has grown significantly in recent years, with over 15 million projects generated from start.spring.io in 2019 alone.

Transformation: Not Only the App But Also the Way We WorkVMware Tanzu

The document discusses transforming monolithic applications into microservice architectures. It outlines five steps for successful transformation: 1) Prepare the organization for agile work, 2) Define a better future together through alignment, 3) Start small and focus on the main user flows, 4) Focus on outcomes and iterative improvement, 5) Build high quality applications through developer best practices. The transformation results in not only modernized applications but also changed ways of working.

Accelerate Application Migration - August 5, 2020VMware Tanzu

Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu

What Does it Take to Deliver a Solution to Process Over $2B in Loans from Inc...VMware Tanzu

“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real EventsVMware Tanzu

Operational Transformation: Teachers’ Journey from App Servers to VMware TanzuVMware Tanzu

The document summarizes a company's journey from using application servers to migrating to VMware Tanzu. It outlines key dates and milestones in the migration process, including moving 55 applications to containers. It also discusses drivers for the shift to containers like isolation of environments and removing vendor lock-in. Additionally, the summary outlines how "nice to have" capabilities like monitoring and logging became "must haves" and how the company now has pipeline-driven apps and infrastructure with continuous development.

Pivotal Platform: A First Look at the October ReleaseVMware Tanzu

Join Dan Baskette and Jared Ruckle for a first look at the latest Pivotal Platform capabilities with demos and expert Q&A. Attend this session and learn how you can put these new updates to work for your enterprise. Build apps atop Kubernetes with: ● Azure Spring Cloud, a complete runtime for Spring apps atop Azure Kubernetes Service ● Pivotal Build Service, an automated workflow for code-to-container builds ● Container Services Manager for Pivotal Platform, a bridge between Pivotal Application Service and PKS Build apps atop a self-managed platform with: ● Pivotal Application Service 2.7, and its additional app deployment capabilities ● Pivotal Service Instance Manager, a new tool to help you manage backing services at scale Get your apps to production with CI/CD tools like: ● Pivotal Continuous Delivery with Spinnaker ● Pivotal Concourse 5.5 We’ll also review Pivotal Spring Cloud Gateway and Pivotal Cloud Cache 1.9! Presenter : Dan Baskette, Director, Technical Marketing & Jared Ruckle, Director, Product Marketing

Enterprise Application MigrationVMware Tanzu

Spring Cloud Kubernetes: An Easier Path from Idea to ProductionVMware Tanzu

Kubernetes might be a dream for operations teams willing to learn its intricacies, but it can be a nightmare for developers whose primary goal is getting working applications into production. Spring Cloud Kubernetes addresses developers’ needs by making it simple to deploy Spring Cloud and Spring Boot applications into Kubernetes environments. This webinar will explore some key Spring Cloud Kubernetes concepts and demonstrate the process of porting an existing application onto a Kubernetes cluster.

Robert Van Voorhees at VMware Tanzu Public Sector Connect 2021VMware Tanzu

The document discusses the challenges public sector organizations face in maintaining agility while adhering to regulations and deploying software across inconsistent environments. It proposes adopting a platform strategy using Kubernetes to reduce toil, accelerate software delivery, provide repeatable and scalable processes, and create unified services. A Kubernetes platform would help public sector organizations consistently operate across environments to achieve greater value than using Kubernetes alone.

DevSecOps: Security at the Speed of DevOpVMware Tanzu

This document discusses adopting a DevSecOps culture and practices through a 3-part framework. The framework involves: 1) Winning developers' trust by emphasizing building security in from the start rather than adding it on later, 2) Making security practices easy for developers to understand and implement through a self-assessment tool, and 3) Providing transparency to management on rollout progress through visualization of an organization's DevSecOps maturity. The overall aim is to achieve collaboration between development, operations, and security teams through a culture of shared responsibility for security.

Is Private Cloud Right for Your OrganizationDave Roberts

Making the Business a First-Class Citizen During the Application Modernizatio...VMware Tanzu

Reimagining Customer Experiences Utilizing Pivotal Cloud FoundryVMware Tanzu

SpringOne Platform 2017 Jason Michener, Comcast; Vipul Savjani, Accenture Comcast has been on a Cloud-Native Transformation Journey with Pivotal Cloud Foundry for the past 3 years. Recently, Comcast Customer Experience and Engineering Teams were given a seemingly impossible task: Replace a 3rd party AI/ML Customer Service tool by building our own in 8 weeks. Come learn how we leveraged our Pivotal Cloud Foundry service platforms in a hybrid public/private cloud with our best customer experience professionals to fundamentally change how we are engaging with our customers.

A Leader’s Guide to DevOps Practices and CultureVMware Tanzu

State of Steeltoe 2020VMware Tanzu

This presentation provides an overview and status update of the Steeltoe software framework. It discusses Steeltoe's components for observability, security, scalability, and ease of use. Recent updates include improvements to abstractions, configuration, connectors, discovery, management, and messaging. Future plans include further Kubernetes support, tooling enhancements, and making streams and data flow integration production-ready. The presentation encourages attendees to stay updated on Steeltoe's documentation, GitHub, Slack channel, and social media accounts.

Welcome to the MetricsVMware Tanzu

VMware Tanzu Introduction- June 11, 2020VMware Tanzu

This document outlines an agenda for a presentation on vSphere 7 With Kubernetes and Tanzu. It includes introductions of the presenters Bernard Park and Prasanna Upperi. The presentation will cover an overview of Tanzu, vSphere with Kubernetes, and Tanzu Mission Control. It will also include demonstrations. The document provides background on the presenters and describes the Tanzu portfolio and key products like Tanzu Kubernetes Grid, vSphere with Kubernetes, and Tanzu Mission Control. It outlines how vSphere with Kubernetes allows using Kubernetes to manage VMs, containers, and other workloads across environments in a standardized way through custom resources.

Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama

Respresenting Cyber Defense Community (cdef.id) to present and share my view on Secure DevOps / DevSecOps. Through this presentation, I shared several insights about: 1. How to balance the risk and controls in the "great shift left" paradigm (agile) 2. DevOps activities 3. How to seamlessly integrate security into DevOps 4. How to "shift left" the security" 5. Get started with Secure DevOps / DevSecOps 6. Case Study about DevSecOps implementation For further discussion, especially how to secure digital and agile transformation in your organization, don't hesitate to contact me :)

Building Security Into Your Cloud IT PracticesMighty Guides, Inc.

More Related Content

What's hot (20)

Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021VMware Tanzu

What Is Spring?VMware Tanzu

Transformation: Not Only the App But Also the Way We WorkVMware Tanzu

Accelerate Application Migration - August 5, 2020VMware Tanzu

Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu

What Does it Take to Deliver a Solution to Process Over $2B in Loans from Inc...VMware Tanzu

“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real EventsVMware Tanzu

Operational Transformation: Teachers’ Journey from App Servers to VMware TanzuVMware Tanzu

Pivotal Platform: A First Look at the October ReleaseVMware Tanzu

Enterprise Application MigrationVMware Tanzu

Spring Cloud Kubernetes: An Easier Path from Idea to ProductionVMware Tanzu

Robert Van Voorhees at VMware Tanzu Public Sector Connect 2021VMware Tanzu

DevSecOps: Security at the Speed of DevOpVMware Tanzu

Is Private Cloud Right for Your OrganizationDave Roberts

Making the Business a First-Class Citizen During the Application Modernizatio...VMware Tanzu

Reimagining Customer Experiences Utilizing Pivotal Cloud FoundryVMware Tanzu

A Leader’s Guide to DevOps Practices and CultureVMware Tanzu

State of Steeltoe 2020VMware Tanzu

Welcome to the MetricsVMware Tanzu

VMware Tanzu Introduction- June 11, 2020VMware Tanzu

Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021VMware Tanzu

What Is Spring?VMware Tanzu

Transformation: Not Only the App But Also the Way We WorkVMware Tanzu

Accelerate Application Migration - August 5, 2020VMware Tanzu

Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu

What Does it Take to Deliver a Solution to Process Over $2B in Loans from Inc...VMware Tanzu

“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real EventsVMware Tanzu

Operational Transformation: Teachers’ Journey from App Servers to VMware TanzuVMware Tanzu

Pivotal Platform: A First Look at the October ReleaseVMware Tanzu

Enterprise Application MigrationVMware Tanzu

Spring Cloud Kubernetes: An Easier Path from Idea to ProductionVMware Tanzu

Robert Van Voorhees at VMware Tanzu Public Sector Connect 2021VMware Tanzu

DevSecOps: Security at the Speed of DevOpVMware Tanzu

Is Private Cloud Right for Your OrganizationDave Roberts

Making the Business a First-Class Citizen During the Application Modernizatio...VMware Tanzu

Reimagining Customer Experiences Utilizing Pivotal Cloud FoundryVMware Tanzu

A Leader’s Guide to DevOps Practices and CultureVMware Tanzu

State of Steeltoe 2020VMware Tanzu

Welcome to the MetricsVMware Tanzu

VMware Tanzu Introduction- June 11, 2020VMware Tanzu

Similar to Getting Security in the Loop: Building Balanced Teams (20)

Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama

Building Security Into Your Cloud IT PracticesMighty Guides, Inc.

The Journey to DevSecOpsSeniorStoryteller

This document discusses the evolution of DevSecOps and provides guidance for security professionals. It notes that DevSecOps approaches have gained popularity as DevOps has grown over the past decade. It recommends that security professionals focus on detection over protection, embrace a blameless culture of continuous improvement, and get involved in DevSecOps communities to help build security tools and practices.

The Journey to DevSecOpsShannon Lietz

This document summarizes Shannon Lietz's presentation on the journey to DevSecOps. Some key points include: - DevOps practices started gaining popularity around 2010 due to influential articles and talks. - Security decisions are now often made by DevOps teams on a daily basis rather than security teams. - Compliance alone is not enough for security - there must be continuous improvement through testing, detection, and measurement of progress. - A blameless culture is important for high performance, as mistakes will happen but can be addressed quickly through collaboration.

DevSecOps Story with added security controlsHareeshNani5

Secure DevOps - Evolution or Revolution?Security Innovation

DevSecOps: Integrating Security into DevOpsDomain News Tech

DevSecOps – The Importance of DevOps Security in 2023.docxXavor Corporation - Redefining Health Technology

DevOps security (DevSecOps) is an extension of DevOps that integrates security practices into the software development lifecycle. It addresses challenges like securing privileged credentials and tools used in DevOps environments. DevSecOps works by implementing security policies as code, separating duties between developers and security teams, and integrating security checks into continuous integration/delivery pipelines. Automating security mechanisms and taking a proactive security approach are also important for DevSecOps.

Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com

Past history, differing world views of their roles, shadow IT development, force-fitting security tools, and past frictions can all can make gelling as a cross-functional team difficult. Yet, it’s essential to achieve fast software creation and delivery, while also ensuring the applications created are secure and risk is always appropriately managed. Where do we start? Start with this webinar featuring Mitch Ashley, security technologist and CEO of Accelerated Strategies Group, who will explore strategies for successful DevSecOps. You will learn: How to successfully implement purpose-built, developer friendly secrets management tools security professionals and dev teams are thrilled to embrace.

_Best practices towards a well-polished DevSecOps environment (1).pdfEnov8

Integrated Security for Software Development and Advanced Penetration Testing...Symptai Consulting Limited

The Importance of DevOps Security in 2023.docxXavor Corporation - Redefining Health Technology

Introduction to DevSecOpsabhimanyubhogwan

Link to Youtube video: https://youtu.be/-awH_CC4DLo You can contact me at [email protected] My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/ Basic Introduction to DevSecOps concept Why What and How for DevSecOps Basic intro for Threat Modeling Basic Intro for Security Champions 3 pillars of DevSecOps 6 important components of a DevSecOps approach DevSecOps Security Best Practices How to integrate security in CI/CD pipeline

Foxtrot Division Capabilities Collection Jeff Hunter

Ensuring Secure and Efficient Operations with DevOps SecurityDev Software

State of DevSecOps - DevSecOpsDays 2019Stefan Streichsbier

ISACA Ireland Keynote 2015Shannon Lietz

How To Implement DevSecOps In Your Existing DevOps WorkflowEnov8

Product SecuritySteven Carlson

The document discusses product security and how it relates to application security, infrastructure security, and security operations for a specific product or system. It argues that applying DevOps methodologies to traditional application security practices can help make security part of everyday work for developers and operations teams. This will help change an organization's security culture to focus on designing security into products from the start.

Secure DevOPS Implementation GuidanceTej Luthra

Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama

Building Security Into Your Cloud IT PracticesMighty Guides, Inc.

The Journey to DevSecOpsSeniorStoryteller

The Journey to DevSecOpsShannon Lietz

DevSecOps Story with added security controlsHareeshNani5

Secure DevOps - Evolution or Revolution?Security Innovation

DevSecOps: Integrating Security into DevOpsDomain News Tech

DevSecOps – The Importance of DevOps Security in 2023.docxXavor Corporation - Redefining Health Technology

Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com

_Best practices towards a well-polished DevSecOps environment (1).pdfEnov8

Integrated Security for Software Development and Advanced Penetration Testing...Symptai Consulting Limited

The Importance of DevOps Security in 2023.docxXavor Corporation - Redefining Health Technology

Introduction to DevSecOpsabhimanyubhogwan

Foxtrot Division Capabilities Collection Jeff Hunter

Ensuring Secure and Efficient Operations with DevOps SecurityDev Software

State of DevSecOps - DevSecOpsDays 2019Stefan Streichsbier

ISACA Ireland Keynote 2015Shannon Lietz

How To Implement DevSecOps In Your Existing DevOps WorkflowEnov8

Product SecuritySteven Carlson

Secure DevOPS Implementation GuidanceTej Luthra

More from VMware Tanzu (20)

Spring into AI presented by Dan Vega 5/14VMware Tanzu

What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu

The document summarizes Matthew Quinn's presentation on "What AI Means For Your Product Strategy And What To Do About It" at Denver Startup Week 2023. The presentation discusses how generative AI could impact product strategies by potentially solving problems companies have ignored or allowing competitors to create new solutions. Quinn advises product teams to evaluate their strategies and roadmaps, ensure they understand user needs, and consider how AI may change the problems being addressed. He provides examples of how AI could influence product development for apps in home organization and solar sales. Quinn concludes by urging attendees not to ignore AI's potential impacts and to have hard conversations about emerging threats and opportunities.

Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu

This document discusses the evolution of internal developer platforms and defines what they are. It provides a timeline of how technologies like infrastructure as a service, public clouds, containers and Kubernetes have shaped developer platforms. The key aspects of an internal developer platform are described as providing application-centric abstractions, service level agreements, automated processes from code to production, consolidated monitoring and feedback. The document advocates that internal platforms should make the right choices obvious and easy for developers. It also introduces Backstage as an open source solution for building internal developer portals.

Enhancing DevEx and Simplifying Operations at ScaleVMware Tanzu

Cardinal Health introduced Tanzu Application Service in 2016 and set up foundations for cloud native applications in AWS and later migrated to GCP in 2018. TAS has provided Cardinal Health with benefits like faster development of applications, zero downtime for critical applications, hosting over 5,000 application instances, quicker patching for security vulnerabilities, and savings through reduced lead times and staffing needs.

Spring Update | July 2023VMware Tanzu

Dan Vega discussed upcoming changes and improvements in Spring including Spring Boot 3, which will have support for JDK 17, Jakarta EE 9/10, ahead-of-time compilation, improved observability with Micrometer, and Project Loom's virtual threads. Spring Boot 3.1 additions were also highlighted such as Docker Compose integration and Spring Authorization Server 1.0. Spring Boot 3.2 will focus on embracing virtual threads from Project Loom to improve scalability of web applications.

Platforms, Platform Engineering, & Platform as a ProductVMware Tanzu

This document discusses building platforms as products and reducing developer toil. It notes that platform engineering now encompasses PaaS and developer tools. A quote from Mercedes-Benz emphasizes building platforms for developers, not for the company itself. The document contrasts reactive, ticket-driven approaches with automated, self-service platforms and products. It discusses moving from considering platforms as a cost center to experts that drive business results. Finally, it provides questions to identify sources of developer toil, such as issues with workstation setup, running software locally, integration testing, committing changes, and release processes.

Building Cloud Ready AppsVMware Tanzu

This document provides an overview of building cloud-ready applications in .NET. It defines what makes an application cloud-ready, discusses common issues with legacy applications, and recommends design patterns and practices to address these issues, including loose coupling, high cohesion, messaging, service discovery, API gateways, and resiliency policies. It includes code examples and links to additional resources.

Spring Boot 3 And BeyondVMware Tanzu

Dan Vega discussed new features and capabilities in Spring Boot 3 and beyond, including support for JDK 17, Jakarta EE 9, ahead-of-time compilation, observability with Micrometer, Docker Compose integration, and initial support for Project Loom's virtual threads in Spring Boot 3.2 to improve scalability. He provided an overview of each new feature and explained how they can help Spring applications.

Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfVMware Tanzu

Spring Cloud Gateway is a gateway that provides routing, security, monitoring, and resiliency capabilities for microservices. It acts as an API gateway and sits in front of microservices, routing requests to the appropriate microservice. The gateway uses predicates and filters to route requests and modify requests and responses. It is lightweight and built on reactive principles to enable it to scale to thousands of routes.

Simplify and Scale Enterprise Apps in the Cloud | Boston 2023VMware Tanzu

Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023VMware Tanzu

tanzu_developer_connect.pptxVMware Tanzu

This document appears to be from a VMware Tanzu Developer Connect presentation. It discusses Tanzu Application Platform (TAP), which provides a developer experience on Kubernetes across multiple clouds. TAP aims to unlock developer productivity, build rapid paths to production, and coordinate the work of development, security and operations teams. It offers features like pre-configured templates, integrated developer tools, centralized visibility and workload status, role-based access control, automated pipelines and built-in security. The presentation provides examples of how these capabilities improve experiences for developers, operations teams and security teams.

Tanzu Virtual Developer Connect Workshop - FrenchVMware Tanzu

Tanzu Developer Connect Workshop - EnglishVMware Tanzu

The document provides information about a Tanzu Developer Connect Workshop on Tanzu Application Platform. The agenda includes welcome and introductions on Tanzu Application Platform, followed by interactive hands-on workshops on the developer experience and operator experience. It will conclude with a quiz, prizes and giveaways. The document discusses challenges with developing on Kubernetes and how Tanzu Application Platform aims to improve the developer experience with features like pre-configured templates, developer tools integration, rapid iteration and centralized management.

Virtual Developer Connect Workshop - EnglishVMware Tanzu

Tanzu Developer Connect - FrenchVMware Tanzu

Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu

This document discusses simplifying and scaling enterprise Spring applications in the cloud. It provides an overview of Azure Spring Apps, which is a fully managed platform for running Spring applications on Azure. Azure Spring Apps handles infrastructure management and application lifecycle management, allowing developers to focus on code. It is jointly built, operated, and supported by Microsoft and VMware. The document demonstrates how to create an Azure Spring Apps service, create an application, and deploy code to the application using three simple commands. It also discusses features of Azure Spring Apps Enterprise, which includes additional capabilities from VMware Tanzu components.

SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootVMware Tanzu

The document discusses 15 factors for building cloud native applications with Kubernetes based on the 12 factor app methodology. It covers factors such as treating code as immutable, externalizing configuration, building stateless and disposable processes, implementing authentication and authorization securely, and monitoring applications like space probes. The presentation aims to provide an overview of the 15 factors and demonstrate how to build cloud native applications using Kubernetes based on these principles.

SpringOne Tour: The Influential Software EngineerVMware Tanzu

The document discusses the importance of culture in software projects and how to influence culture. It notes that software projects involve people and personalities, not just technology. It emphasizes that culture informs everything a company does and is very difficult to change. It provides advice on being aware of your company's culture, finding ways to inculcate good cultural values like writing high-quality code, and approaches for influencing decision makers to prioritize culture.

SpringOne Tour: Domain-Driven Design: Theory vs PracticeVMware Tanzu

This document discusses domain-driven design, clean architecture, bounded contexts, and various modeling concepts. It provides examples of an e-scooter reservation system to illustrate domain modeling techniques. Key topics covered include identifying aggregates, bounded contexts, ensuring single sources of truth, avoiding anemic domain models, and focusing on observable domain behaviors rather than implementation details.

Spring into AI presented by Dan Vega 5/14VMware Tanzu

What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu

Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu

Enhancing DevEx and Simplifying Operations at ScaleVMware Tanzu

Spring Update | July 2023VMware Tanzu

Platforms, Platform Engineering, & Platform as a ProductVMware Tanzu

Building Cloud Ready AppsVMware Tanzu

Spring Boot 3 And BeyondVMware Tanzu

Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfVMware Tanzu

Simplify and Scale Enterprise Apps in the Cloud | Boston 2023VMware Tanzu

Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023VMware Tanzu

tanzu_developer_connect.pptxVMware Tanzu

Tanzu Virtual Developer Connect Workshop - FrenchVMware Tanzu

Tanzu Developer Connect Workshop - EnglishVMware Tanzu

Virtual Developer Connect Workshop - EnglishVMware Tanzu

Tanzu Developer Connect - FrenchVMware Tanzu

Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu

SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootVMware Tanzu

SpringOne Tour: The Influential Software EngineerVMware Tanzu

SpringOne Tour: Domain-Driven Design: Theory vs PracticeVMware Tanzu

Recently uploaded (20)

MCP Dev Summit - Pragmatic Scaling of Enterprise GenAI with MCPSambhav Kothari

SDG 9000 Series: Unleashing multigigabit everywhereAdtran

Supercharge Your AI Development with Local LLMsFrancesco Corti

In today's AI development landscape, developers face significant challenges when building applications that leverage powerful large language models (LLMs) through SaaS platforms like ChatGPT, Gemini, and others. While these services offer impressive capabilities, they come with substantial costs that can quickly escalate especially during the development lifecycle. Additionally, the inherent latency of web-based APIs creates frustrating bottlenecks during the critical testing and iteration phases of development, slowing down innovation and frustrating developers. This talk will introduce the transformative approach of integrating local LLMs directly into their development environments. By bringing these models closer to where the code lives, developers can dramatically accelerate development lifecycles while maintaining complete control over model selection and configuration. This methodology effectively reduces costs to zero by eliminating dependency on pay-per-use SaaS services, while opening new possibilities for comprehensive integration testing, rapid prototyping, and specialized use cases.

Evaluation Challenges in Using Generative AI for Science & Technical ContentPaul Groth

Evaluation Challenges in Using Generative AI for Science & Technical Content. Foundation Models show impressive results in a wide-range of tasks on scientific and legal content from information extraction to question answering and even literature synthesis. However, standard evaluation approaches (e.g. comparing to ground truth) often don't seem to work. Qualitatively the results look great but quantitive scores do not align with these observations. In this talk, I discuss the challenges we've face in our lab in evaluation. I then outline potential routes forward.

Multistream in SIP and NoSIP @ OpenSIPS Summit 2025Lorenzo Miniero

Slides for my "Multistream support in the Janus SIP and NoSIP plugins" presentation at the OpenSIPS Summit 2025 event. They describe my efforts refactoring the Janus SIP and NoSIP plugins to allow for the gatewaying of an arbitrary number of audio/video streams per call (thus breaking the current 1-audio/1-video limitation), plus some additional considerations on what this could mean when dealing with application protocols negotiated via SIP as well.

AI Trends - Mary MeekerRazin Mustafiz

Protecting Your Sensitive Data with Microsoft Purview - IRMS 2025Nikki Chapple

Session | Protecting Your Sensitive Data with Microsoft Purview: Practical Information Protection and DLP Strategies Presenter | Nikki Chapple (MVP| Principal Cloud Architect CloudWay) & Ryan John Murphy (Microsoft) Event | IRMS Conference 2025 Format | Birmingham UK Date | 18-20 May 2025 In this closing keynote session from the IRMS Conference 2025, Nikki Chapple and Ryan John Murphy deliver a compelling and practical guide to data protection, compliance, and information governance using Microsoft Purview. As organizations generate over 2 billion pieces of content daily in Microsoft 365, the need for robust data classification, sensitivity labeling, and Data Loss Prevention (DLP) has never been more urgent. This session addresses the growing challenge of managing unstructured data, with 73% of sensitive content remaining undiscovered and unclassified. Using a mountaineering metaphor, the speakers introduce the “Secure by Default” blueprint—a four-phase maturity model designed to help organizations scale their data security journey with confidence, clarity, and control. 🔐 Key Topics and Microsoft 365 Security Features Covered: Microsoft Purview Information Protection and DLP Sensitivity labels, auto-labeling, and adaptive protection Data discovery, classification, and content labeling DLP for both labeled and unlabeled content SharePoint Advanced Management for workspace governance Microsoft 365 compliance center best practices Real-world case study: reducing 42 sensitivity labels to 4 parent labels Empowering users through training, change management, and adoption strategies 🧭 The Secure by Default Path – Microsoft Purview Maturity Model: Foundational – Apply default sensitivity labels at content creation; train users to manage exceptions; implement DLP for labeled content. Managed – Focus on crown jewel data; use client-side auto-labeling; apply DLP to unlabeled content; enable adaptive protection. Optimized – Auto-label historical content; simulate and test policies; use advanced classifiers to identify sensitive data at scale. Strategic – Conduct operational reviews; identify new labeling scenarios; implement workspace governance using SharePoint Advanced Management. 🎒 Top Takeaways for Information Management Professionals: Start secure. Stay protected. Expand with purpose. Simplify your sensitivity label taxonomy for better adoption. Train your users—they are your first line of defense. Don’t wait for perfection—start small and iterate fast. Align your data protection strategy with business goals and regulatory requirements. 💡 Who Should Watch This Presentation? This session is ideal for compliance officers, IT administrators, records managers, data protection officers (DPOs), security architects, and Microsoft 365 governance leads. Whether you're in the public sector, financial services, healthcare, or education. 🔗 Read the blog: https://nikkichapple.com/irms-conference-2025/

Offshore IT Support: Balancing In-House and Offshore Help Desk Techniciansjohn823664

In today's always-on digital environment, businesses must deliver seamless IT support across time zones, devices, and departments. This SlideShare explores how companies can strategically combine in-house expertise with offshore talent to build a high-performing, cost-efficient help desk operation. From the benefits and challenges of offshore support to practical models for integrating global teams, this presentation offers insights, real-world examples, and key metrics for success. Whether you're scaling a startup or optimizing enterprise support, discover how to balance cost, quality, and responsiveness with a hybrid IT support strategy. Perfect for IT managers, operations leads, and business owners considering global help desk solutions.

Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)Eugene Fidelin

Marko.js is an open-source JavaScript framework created by eBay back in 2014. It offers super-efficient server-side rendering, making it ideal for big e-commerce sites and other multi-page apps where speed and SEO really matter. After over 10 years of development, Marko has some standout features that make it an interesting choice. In this talk, I’ll dive into these unique features and showcase some of Marko's innovative solutions. You might not use Marko.js at your company, but there’s still a lot you can learn from it to bring to your next project.

GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...James Anderson

The Quantum Apocalypse: A Looming Threat & The Need for Post-Quantum Encryption We explore the imminent risks posed by quantum computing to modern encryption standards and the urgent need for post-quantum cryptography (PQC). Bio: With 30 years in cybersecurity, including as a CISO, Tommy is a strategic leader driving security transformation, risk management, and program maturity. He has led high-performing teams, shaped industry policies, and advised organizations on complex cyber, compliance, and data protection challenges.

ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptxJasper Oosterveld

Microsoft Build 2025 takeaways in one presentationDigitalmara

Microsoft Build 2025 introduced significant updates. Everything revolves around AI. DigitalMara analyzed these announcements: • AI enhancements for Windows 11 By embedding AI capabilities directly into the OS, Microsoft is lowering the barrier for users to benefit from intelligent automation without requiring third-party tools. It's a practical step toward improving user experience, such as streamlining workflows and enhancing productivity. However, attention should be paid to data privacy, user control, and transparency of AI behavior. The implementation policy should be clear and ethical. • GitHub Copilot coding agent The introduction of coding agents is a meaningful step in everyday AI assistance. However, it still brings challenges. Some people compare agents with junior developers. They noted that while the agent can handle certain tasks, it often requires supervision and can introduce new issues. This innovation holds both potential and limitations. Balancing automation with human oversight is crucial to ensure quality and reliability. • Introduction of Natural Language Web NLWeb is a significant step toward a more natural and intuitive web experience. It can help users access content more easily and reduce reliance on traditional navigation. The open-source foundation provides developers with the flexibility to implement AI-driven interactions without rebuilding their existing platforms. NLWeb is a promising level of web interaction that complements, rather than replaces, well-designed UI. • Introduction of Model Context Protocol MCP provides a standardized method for connecting AI models with diverse tools and data sources. This approach simplifies the development of AI-driven applications, enhancing efficiency and scalability. Its open-source nature encourages broader adoption and collaboration within the developer community. Nevertheless, MCP can face challenges in compatibility across vendors and security in context sharing. Clear guidelines are crucial. • Windows Subsystem for Linux is open-sourced It's a positive step toward greater transparency and collaboration in the developer ecosystem. The community can now contribute to its evolution, helping identify issues and expand functionality faster. However, open-source software in a core system also introduces concerns around security, code quality management, and long-term maintenance. Microsoft’s continued involvement will be key to ensuring WSL remains stable and secure. • Azure AI Foundry platform hosts Grok 3 AI models Adding new models is a valuable expansion of AI development resources available at Azure. This provides developers with more flexibility in choosing language models that suit a range of application sizes and needs. Hosting on Azure makes access and integration easier when using Microsoft infrastructure.

AI Emotional Actors: “When Machines Learn to Feel and Perform"AkashKumar809858

Splunk Leadership Forum Wien - 20.05.2025Splunk

What is DePIN? The Hottest Trend in Web3 Right Now!cryptouniversityoffi

TrustArc Webinar: Mastering Privacy ContractingTrustArc

As data privacy regulations become more pervasive across the globe and organizations increasingly handle and transfer (including across borders) meaningful volumes of personal and confidential information, the need for robust contracts to be in place is more important than ever. This webinar will provide a deep dive into privacy contracting, covering essential terms and concepts, negotiation strategies, and key practices for managing data privacy risks. Whether you're in legal, privacy, security, compliance, GRC, procurement, or otherwise, this session will include actionable insights and practical strategies to help you enhance your agreements, reduce risk, and enable your business to move fast while protecting itself. This webinar will review key aspects and considerations in privacy contracting, including: - Data processing addenda, cross-border transfer terms including EU Model Clauses/Standard Contractual Clauses, etc. - Certain legally-required provisions (as well as how to ensure compliance with those provisions) - Negotiation tactics and common issues - Recent lessons from recent regulatory actions and disputes

A Comprehensive Guide on Integrating Monoova Payment Gatewaydanielle hunter

Introducing FME Realize: A New Era of Spatial Computing and ARSafe Software

A new era for the FME Platform has arrived – and it’s taking data into the real world. Meet FME Realize: marking a new chapter in how organizations connect digital information with the physical environment around them. With the addition of FME Realize, FME has evolved into an All-data, Any-AI Spatial Computing Platform. FME Realize brings spatial computing, augmented reality (AR), and the full power of FME to mobile teams: making it easy to visualize, interact with, and update data right in the field. From infrastructure management to asset inspections, you can put any data into real-world context, instantly. Join us to discover how spatial computing, powered by FME, enables digital twins, AI-driven insights, and real-time field interactions: all through an intuitive no-code experience. In this one-hour webinar, you’ll: -Explore what FME Realize includes and how it fits into the FME Platform -Learn how to deliver real-time AR experiences, fast -See how FME enables live, contextual interactions with enterprise data across systems -See demos, including ones you can try yourself -Get tutorials and downloadable resources to help you start right away Whether you’re exploring spatial computing for the first time or looking to scale AR across your organization, this session will give you the tools and insights to get started with confidence.

STKI Israel Market Study 2025 final v1 versionDr. Jimmy Schwarzkopf

Introducing Ensemble Cloudlet vRouterAdtran

Adtran’s new Ensemble Cloudlet vRouter solution gives service providers a smarter way to replace aging edge routers. With virtual routing, cloud-hosted management and optional design services, the platform makes it easy to deliver high-performance Layer 3 services at lower cost. Discover how this turnkey, subscription-based solution accelerates deployment, supports hosted VNFs and helps boost enterprise ARPU.

MCP Dev Summit - Pragmatic Scaling of Enterprise GenAI with MCPSambhav Kothari

SDG 9000 Series: Unleashing multigigabit everywhereAdtran

Supercharge Your AI Development with Local LLMsFrancesco Corti

Evaluation Challenges in Using Generative AI for Science & Technical ContentPaul Groth

Multistream in SIP and NoSIP @ OpenSIPS Summit 2025Lorenzo Miniero

AI Trends - Mary MeekerRazin Mustafiz

Protecting Your Sensitive Data with Microsoft Purview - IRMS 2025Nikki Chapple

Offshore IT Support: Balancing In-House and Offshore Help Desk Techniciansjohn823664

Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)Eugene Fidelin

GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...James Anderson

ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptxJasper Oosterveld

Microsoft Build 2025 takeaways in one presentationDigitalmara

AI Emotional Actors: “When Machines Learn to Feel and Perform"AkashKumar809858

Splunk Leadership Forum Wien - 20.05.2025Splunk

What is DePIN? The Hottest Trend in Web3 Right Now!cryptouniversityoffi

TrustArc Webinar: Mastering Privacy ContractingTrustArc

A Comprehensive Guide on Integrating Monoova Payment Gatewaydanielle hunter

Introducing FME Realize: A New Era of Spatial Computing and ARSafe Software

STKI Israel Market Study 2025 final v1 versionDr. Jimmy Schwarzkopf

Introducing Ensemble Cloudlet vRouterAdtran

Getting Security in the Loop: Building Balanced Teams

3. Confidential │ ©2021VMware,Inc. 3 We can never fully succeed alone: Bridging the DevSecOps Divide “Organizations expect developers to be more involved with security tasks in the future, particularly among cloud and workload tasks. However, developers currently aren’t very involved in security strategy planning or execution” It is important for security and development teams to work together so that development teams are clear which policies to comply with and which tools are approved.

5. Confidential │ ©2021VMware,Inc. 5 Teams need to empathize and adopt DevOps and SRE are all new to security teams Involve developers / security in planning early and often Security needs to learn language of development team Share KPIs and increase communication to improve relationships Automate security – devops is new to security world

6. Confidential │ ©2021VMware,Inc. 6 All great journeys are full of challenges Plan for the entire journey, not just the first hill you cross Shiftingsecurity left without providing context or support will not succeed Incentivize the team toward the goals– solvingproduct problem, security, speed and features Great things happen with a heterogeneous team with different skills

Getting Security in the Loop: Building Balanced Teams

Recommended

More Related Content

What's hot (20)

Similar to Getting Security in the Loop: Building Balanced Teams (20)

More from VMware Tanzu (20)

Recently uploaded (20)

Getting Security in the Loop: Building Balanced Teams