DevOps & Security

James Turnbull
Puppet Labs

DEVOPSDAYS AUSTIN 2012

Who me?
• Puppet Labs employee
• Security boffin
• Open source fan
• Author
• Australian
• Expletives

More introductions

Does anyone here work in Security?

Three things I hated about Security

1. Not being liked
2. Not being effective
3. Not being happy

Meme theft…

What IT think Security do

What the business think Security do

What Security people think they do

What Security Isn’t

What Security Is (or Should Be)
• Partnership not conflict
• Servicing and protecting all customers
• Allowing increased risk appetite
• Enabling the business to do business

The Intersection

Security people are people too

Security people are people too
• Developer People
• Ops People
• DBA People
• Network People
• Storage People

DevOps & Security

You should care about security too!

DevOps & Security

Evolution is mutual

Getting Security to Listen

It’s all about the culture

Getting Security to Listen

Destroy the blame culture

Getting Security to Listen

Speak the same language

Getting Security to Listen

“Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.”

- CISA

Getting Security to Listen

Let the business do business with the right controls

Talking Controls
• Provisioning & Deployment: Efficiency
• Configuration Management: Inconsistency is the enemy of security
• Incident Management: Information is King
• Audit: Magic away auditors

Ideas for Collaboration

DevOps & Security
• Get roles and responsibilities right
• Security people are (skilled) people too
• Risk Register diving

Dev & Security
• Put Security people into Dev
• Gather security requirements early
• Designed for security == Deployed sanely & securely

Ops & Security
• Embed Security into Ops escalation
• Invite Security to post-mortems
• Expose Security to your metrics & data

Thanks

James Turnbull
james@puppetlabs.com
@kartar
http://www.kartar.net


Editor's Notes

1. Meeting Notes (4/1/12 15:14):
   1. Firewall rules faster
   2. Three things:
      - Information: What's vulnerable
      - Remediation: Fix it once and fast.
      - Consistency: things stay fixed