Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Security is the Center of the DevOps World, Keynote

2.432 Aufrufe

Veröffentlicht am

About Caroline Wong
Vice President of Security Strategy, Cobalt

Caroline was featured as an Influencer in the 2017 Women in IT Security issue of SC Magazine and has been named one of the Top Women in Cloud by CloudNOW. She received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill in 2011. Caroline graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences and holds a certificate in Finance and Accounting from Stanford University Graduate School of Business.

About Paula Thrasher
Director of Digital Services, CSRA

Paula is the Director of Digital Services at CSRA and leads the Agile, Testing, User Experience and DevOps centers of excellence delivery organizations. She has over 18 years' experience in information technology and works in the federal market leading agencies and teams towards Agile and DevOps. Improvements experienced on Ms. Thrasher's current program include increasing quantity of deployments by 220%, completing 18 months of backlog in 12 weeks, increasing quantity of features delivered by 30%, and using increasing automation around test and verification to accomplish 6 FTE worth of testing effort per 1 FTE. Last year she co-authored the paper Tactics for Leading Change with other industry leaders for IT Revolution and the DevOps Enterprise Forum.

About Shannon Lietz
Director, DevSecOps, Intuit

Award winning leader in security innovation with experience developing emerging security programs for Fortune 500 companies: Intuit, ServiceNow, Sony, Sempra Energy, Savvis, Cable and Wireless, 99 Cents Only, Exodus, Bank of America, among others internationally. Received the Scott Cook Innovation Award in 2014 for developing and cultivating a world class Cloud Security Program that allows for sensitive data to be protected in AWS. Ms. Lietz is currently the Director of DevSecOps for Intuit where she is responsible for setting and driving the company’s Cloud Security Strategy, Roadmap, and full-scale Program in support of corporate innovation. She has previous experience as a Master Security Architect, an Entrepreneur, and often volunteers to educate on security topics. Ms. Lietz is a passionate DevSecOps and Rugged evangelist.

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Security is the Center of the DevOps World, Keynote

  1. 1. Security is the Center of a DevOps World Shannon Lietz, @devsecops Paula Thrasher, @paula_thrasher Caroline Wong, @CarolineWMWong
  2. 2. Take Responsibility. Give Credit. @seniorstoryteller <me /> 19 84 19 89 19 96 20 01 20 11DEVELOPER OPERATIONS “DEVSECOPS” “RUGGED” SECURITY PRESE NT -- FOUNDER - - SAFER SOFTWARE SOONER Copyright © DevSecOps Foundation 2018
  3. 3. DevOps hiring is up ~2000% in last 6 years! • Imagine solving the world’s problems faster by collaborating and taking responsibility. • In connection with Cloud Computing, DevOps is the cultural enabler needed to scale creativity and innovation. • With the goal of solving customer problems faster, no wonder DevOps is taking over. ~1500% increase In 2 years Copyright © DevSecOps Foundation 2018
  4. 4. Cloud growth is exponential!! • Public Cloud adoption is accelerating at a rapid pace… • Software defined environments allow scale to happen and more decisions to be made daily… • More people can experiment, learn and fail at a rapid pace to solve for customer demand…. • Creativity is the next frontier… http://www.geekwire.com/2016/study-aws-45-share-public-cloud-infrastructure-market-microsoft-google-ibm-combined/ Copyright © DevSecOps Foundation 2018
  5. 5. “THIS IS THE END OF SECURITY AS WE KNOW IT… AND ISN’T IT A GOOD THING!” -Josh Corman Copyright © DevSecOps Foundation 2018
  6. 6. BANG HEAD HERE Copyright © DevSecOps Foundation 2018
  7. 7. evolution value compliance genesis customer custom- built product (+rental) commodity (+utility) devsecops visible invisible compute cloud compliance as code informational website domain names devops continuous deployment continuous integration transparent security rugged software fewer better suppliers security as code agile mobile customer-driven innovation traditional SDLC traditional security web app search engine red team penetration testing commodity bound growth emerging Catching up takes commitment Copyright © DevSecOps Foundation 2018
  8. 8. 1 2 3 4 5 Burp Crawl Walk Run Fly CULTURE Surprising with lots of Push Back Full Awareness but Feeling Helpless Integrated and Talked about by Execs Measured by Execs Context driven decisions SKILLS Skills developed outside of job function Skills lining up with job functions Skill development paired with job Proactive skill development to meet roadmap demands Knowledge evolves inline / Lessons savored PROGRAM / OUTCOMES Just getting by Orderly Processes & Faster Reactions Reduced number of Incidents Measurable difference in attacks Predictive & Proactive SECURITY PRIORITIES P0/Critical Waiting for Attackers P0 and P1s Some Hygiene P0 and P1s Compliance Attack Surface driven & measured Staying ahead of Bad guys Continuous Insanity Measurable Reactive Proactive DevSecOps Maturity Model Copyright © DevSecOps Foundation 2018
  9. 9. Security is the Center of a DevOps World Shannon Lietz, @devsecops Paula Thrasher, @paula_thrasher Caroline Wong, @CarolineWMWong