3. Lack of SecOps agility
• Slow threat assessments
• Can’t patch fast enough
• Reactive security posture
• Slow to onboard new customers
• Hard to practice true DevOps
• Outpaced by disruptors
• Rogue dev projects
Lack of business agility
9. Dev
Run stuff
Break stuff
Architecture review
PII compliance
Standards conformance
Walkthroughs
Code development
Code validation
Test case development
Design review
Unit test
Installation guidelines
Load and stress test
Documentation
Performance verification
System test
Function/component test
Buffer overflow risk assessment
Foot printing
Mobile readiness
User interface design
Resource consumption metrics
Scalability
Web-readiness
Help file construction
Lock out users
SDLC
Budget
Staffing
Skills development
Ops
How Development Sees Operations
10. Job 1 is Deploying code
Quickly use new technologies
Ability to deploy regardless of platform
Freedom!
How developers click
11. Service Level Agreements
Dev
Write code
Test some
ITIL Compliance
Power consumption
IT Service Desk
Metrics
Site security
Acquisition and procurement
Network configuration
High availability
COBIT Alignment
Business Continuity Planning
Backup/recovery strategy
Web security
Storage consumption
Equipment upgrade/retirement
Vendor certification
Change Review Board
Network bandwidth forecasting
Intrusion prevention/detection
Fallback/roll forward
Patching
Identity and Access Management
Virtual machine management
Space planning
Skills development
Legacy environment support
Containers
Cloud migration strategy
ITIL Compliance
Organizational design
BYOD Security
Third-party risk management
Budget and funding
Cost recovery/chargeback
Ops
How Operations Sees Development
12. Reduce Surprises
Standards and control everywhere
Controlled changes
Less regulatory pressure
What helps security teams sleep
60. Key Takeaways
Start Small
Study Secure Frameworks in building apps
Security team has to learn some coding
DevOps is very powerful, use it for security
Don’t be afraid ~ integrate