Safely Removing the Last Roadblock to
Continuous Delivery
Shannon Lietz
Director DevSecOps, Intuit
@devsecops
2
Thanks to Henrik Kniberg
When will you solve my problem?!! Can we discuss my feedback?
(Uh - seatbelts?)
A Traditional Supply Chain
3
Thanks to Henrik Kniberg
Awesome! When can I bring my kids with me?
Does it come in Red?
Can this be motorized
to go faster and for longer trips?
Better than walking, for sure…
but not by much...
A Customer Centric Supply Chain
Shifting left solves problems faster…
4
Google Trends
• Several years after the Agile Manifesto, DevOps.com was registered (2004)
• Google searches for “DevOps” started to rise in 2010
• Major influences:
– Saving your Infrastructure from DevOps / Chicago Tribune
– DevOps: A Culture Shift, Not a Technology / Information Week
– DevOps: A Sharder’s Tale from Etsy
– DevOps.com articles
• RuggedSoftware.org was registered in 2010
https://www.google.com/trends/
5
Business strategy is achieved with the
collaboration of all departments and
providers in service to the customer who
requires better, faster, cheaper, secure
products and services.
What’s the Business benefit?
6
1. Manual processes & meeting culture
2. Point in time assessments
3. Friction for friction’s sake
4. Contextual misunderstandings
5. Decisions being made outside of value creation
6. Late constraints and requirements
7. Big commitments, big teams, and big failures
8. Fear of failure, lack of learning
9. Lack of inspiration
10. Management and political interference (approvals, exceptions)
...
So what hinders “secure” innovation @ speed & scale?
7
8
Traditional
Security
Security is
Everyone’s
Responsibility
DEVSECOPS
It’s time to Culture Hack…
9
OPS
SEC
DEV
AppSec
How do we get started?
10
Secure Software Supply Chain
1. Gating processes are not Deming-like
2. Security is a design constraint
3. Decisions made by engineering teams
4. It’s hard to avoid business catastrophes by applying one-size-fits-all strategies
5. A security defect is more like a security “recall”
Phases: design, build, deploy, operate
Questions along the pipeline:
• How do I secure my app?
• What component is secure enough?
• How do I secure secrets for the app?
• Is my app getting attacked? How?
Typical gates for security checks & balances
Mistakes and drift often happen after design and build phases that result in weaknesses and potentially exploits
Most costly mistakes happen during design
Faster security feedback loop
11
Staffing Models
Typical Traditional Supply Chain Ratio DevOps Staffing
12
• Everyone knows Maslow…
• If you can remember 5 things, remember these ->
“Apps & data are as safe as where you put it, what’s in it, how you inspect it, who talks to it, and how it’s protected…”
Simplifying Security for the Masses
13
Reasonable Security was recently defined for California within the
2016 California Data Breach Report.
“The 20 controls in the Center for Internet Security’s Critical Security
Controls identify a minimum level of information security that all
organizations that collect or maintain personal information should
meet. The failure to implement all the Controls that apply to an
organization’s environment constitutes a lack of reasonable
security.”
Why Governance?
14
Migrating Security to the Left…
Phases: design, build, deploy, operate
Questions along the pipeline:
• How do I secure my app?
• What component is secure enough?
• How do I secure secrets for the app?
• Is my app getting attacked? How?
Typical gates for security checks & balances
Mistakes and drift often happen after design and build phases that result in weaknesses and potentially exploits
Most costly mistakes happen during design
Faster security feedback loop
Security is a Design Constraint
15
Monitor & Inspect Everything
[Diagram labels: insights; security science; security tools & data; Cloud accounts; S3; Glacier; EC2; CloudTrail; ingestion; threat intel; security feedback loop; continuous response]
operate
16
deploy
Safe Continuous Deployment
[Diagram labels: Cloud Provider Network; Backbone; Cloud Platform (Orchestration): Network, Compute, Storage; Internet; Cloud Account(s); Load Balancers; Compute Instances; VPCs; Block Storage; Object Storage; Relational Databases; NoSQL Databases; Containers; Content Acceleration; Messaging; Email; Utilities; Key Management; API/Templates; Certificate Management; Partner Platform; Deployment Bundles in S3; Artifacts in S3; safe deployment process; secured accounts & services]
17
build
Fanatical Security Testing
[Diagram labels: static; dynamic; run-time; UX & Interfaces; Micro Services; Web Services; Code; CFn Templates; Build Artifacts; Deployment Packages; Resources; Patterns & Baselines; Security Groups; Account Configuration; Real-Time Updates; Patterns & Baselines]
18
design
Secure Baselines & Patterns
[Diagram labels: templates; resources; patterns; services; AMI; Amazon Elastic MapReduce; AWS Import/Export; Security Monitoring; Egress Proxy CFn Template; Bastion CFn Template; Secure VPC CFn Template; CloudTrail CFn Template; Secrets Bundle; MarketPlace]
19
What’s this look like in practice?
20
Red Team, Security Operations & Science
API KEY EXPOSURE -> 8 HRS
DEFAULT CONFIGS -> 24 HRS
SECURITY GROUPS -> 24 HRS
ESCALATION OF PRIVS -> 5 D
KNOWN VULN -> 8 HRS
21
Compliance Operations as Continuous Improvement
https://www.kpmg.com/BE/en/IssuesAndInsights/ArticlesPublications/Documents/Transforming-Internal-Audit.pdf
22
Security Decision Support
23
This could be your MTTR…
MTTR
Days… 6 months
24
Get Involved and Join the Community
• devsecops.org
• @devsecops on Twitter
• DevSecOps on LinkedIn
• DevSecOps on Github
• RuggedSoftware.org
• Compliance at Velocity

%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...chiefasafspells
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 

Kürzlich hochgeladen (20)

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 

2016 - Safely Removing the Last Roadblock to Continuous Delivery

  • 1. Safely Removing the Last Roadblock to Continuous Delivery. Shannon Lietz, Director DevSecOps, Intuit, @devsecops. Intuit Confidential and Proprietary
  • 2. Thanks to Henrik Kniberg. When will you solve my problem?!! Can we discuss my feedback? (Uh - seatbelts?) A Traditional Supply Chain
  • 3. Thanks to Henrik Kniberg. Awesome! When can I bring my kids with me? Does it come in Red? Can this be motorized to go faster and for longer trips? Better than walking, for sure… but not by much... A Customer Centric Supply Chain. Shifting left solves problems faster…
  • 4. Google Trends
      • Several years after the Agile Manifesto, DevOps.com was registered (2004)
      • Google searches for “DevOps” started to rise in 2010
      • Major influences:
          – Saving your Infrastructure from DevOps / Chicago Tribune
          – DevOps: A Culture Shift, Not a Technology / Information Week
          – DevOps: A Sharder’s Tale from Etsy
          – DevOps.com articles
      • RuggedSoftware.org was registered in 2010
      https://www.google.com/trends/
  • 5. Business strategy is achieved with the collaboration of all departments and providers in service to the customer who requires better, faster, cheaper, secure products and services. What’s the Business benefit?
  • 6. So what hinders “secure” innovation @ speed & scale?
      1. Manual processes & meeting culture
      2. Point in time assessments
      3. Friction for friction’s sake
      4. Contextual misunderstandings
      5. Decisions being made outside of value creation
      6. Late constraints and requirements
      7. Big commitments, big teams, and big failures
      8. Fear of failure, lack of learning
      9. Lack of inspiration
      10. Management and political interference (approvals, exceptions)
      ...
  • 10. Secure Software Supply Chain
      1. Gating processes are not Deming-like
      2. Security is a design constraint
      3. Decisions made by engineering teams
      4. It’s hard to avoid business catastrophes by applying one-size-fits-all strategies
      5. Security defects are more like a security “recall”
      Phases: design, build, deploy, operate
      Questions: How do I secure my app? What component is secure enough? How do I secure secrets for the app? Is my app getting attacked? How?
      Typical gates for security checks & balances
      Mistakes and drift often happen after design and build phases that result in weaknesses and potentially exploits
      Most costly mistakes happen during design
      Faster security feedback loop
  • 11. Staffing Models Typical Traditional Supply Chain Ratio DevOps Staffing
  • 12. Simplifying Security for the Masses
      • Everyone knows Maslow…
      • If you can remember 5 things, remember these -> “Apps & data are as safe as where you put it, what’s in it, how you inspect it, who talks to it, and how it’s protected…”
  • 13. Why Governance? Reasonable Security was recently defined for California within the 2016 California Data Breach Report. “The 20 controls in the Center for Internet Security’s Critical Security Controls identify a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.”
  • 14. Migrating Security to the Left… Security is a Design Constraint
      Phases: design, build, deploy, operate
      Questions: How do I secure my app? What component is secure enough? How do I secure secrets for the app? Is my app getting attacked? How?
      Typical gates for security checks & balances
      Mistakes and drift often happen after design and build phases that result in weaknesses and potentially exploits
      Most costly mistakes happen during design
      Faster security feedback loop
  • 15. Monitor & Inspect Everything insights security science security tools & data Cloud accounts S3 Glacier EC2 CloudTrail ingestion threat intel security feedback loop continuous response operate
  • 16. deploy Safe Continuous Deployment CloudProviderNetwork Backbone Backbone Cloud Platform (Orchestration) Network Compute Storage Internet CloudAccount(s) Load Balancers Compute Instances VPCs Block Storage Object Storage Relational Databases NoSQL Databases Containers Content Acceleration Messaging Email Utilities Key Management API/Templates Certificate Management Partner Platform Deployment Bundles In S3 Artifacts In S3 safe deployment process secured accounts & services
  • 17. build Fanatical Security Testing dynamic run-time static UX & Interfaces Micro Services Web Services Code CFn Templates Build Artifacts Deployment Packages Resources Patterns & Baselines Security Groups Account Configuration Real-Time Updates Patterns & Baselines
  • 18. design Secure Baselines & Patterns templates resources patterns services AMI Amazon Elastic MapReduce AWS Import/Export Security Monitoring Egress Proxy CFn Template Bastion CFn Template Secure VPC CFn Template CloudTrail CFn Template Secrets Bundle MarketPlace
  • 19. What’s this look like in practice?
  • 20. Red Team, Security Operations & Science
      • API KEY EXPOSURE -> 8 HRS
      • DEFAULT CONFIGS -> 24 HRS
      • SECURITY GROUPS -> 24 HRS
      • ESCALATION OF PRIVS -> 5 D
      • KNOWN VULN -> 8 HRS
  • 21. Compliance Operations as Continuous Improvement https://www.kpmg.com/BE/en/IssuesAndInsights/ArticlesPublications/Documents/Transforming-Internal-Audit.pdf
  • 23. This could be your MTTR… MTTR Days… 6 months
  • 24. Get Involved and Join the Community
      • devsecops.org
      • @devsecops on Twitter
      • DevSecOps on LinkedIn
      • DevSecOps on Github
      • RuggedSoftware.org
      • Compliance at Velocity

Editor's notes

  1. Prepare the environment in the right order and ensure inspections pass before making traffic available.
  2. What you test and how you test also make a big difference. Code can have immediate issues and mistakes that become costly later.
  3. The parts you consider using during design make a big difference. … When something isn’t secure by default it can have a profound effect on operations. As an example…