SlideShare ist ein Scribd-Unternehmen logo

DevSecOps: The DoD Software Factory

S
scoopnewsgroup

Nicolas Chaillan, Chief Software Officer, U.S. Air Force Red Hat Government Symposium 2019

Regierungs- und gemeinnützige Organisationen
1 von 36
Downloaden Sie, um offline zu lesen
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Headquarters U.S. Air Force Mr. Nicolas Chaillan Chief Software Officer, U.S. Air Force Co-Lead, DoD Enterprise DevSecOps Initiative v1.5 – UNCLASSFIED DoD Enterprise DevSecOps Initiative (Software Factory)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Problem Statement n The Department of Defense (DoD) is mostly still using Waterfall software methodologies with software delivery every 3 to 10 years, making it impossible to keep up with the pace of technology. n The DoD Authority to Operate (ATO) process to accredit software takes on average 8 months and is mostly manual with several testing and cybersecurity gates. n Most of the Defense Industrial Base (DIB) (the DoD contractors and developers) has not adopted an Agile and/or DevOps mindset. n Massive organization with large silos and large workforce. n Limited IT enterprise services, Cloud access and high speed connectivity. 3
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 5 Must Rapidly Adapt To Challenges
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 6 Must Adapt To Challenges Work as a Team!
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 7 Must Adapt To Challenges Work as a Team! A Large Team!
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 8 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 9 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us!
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 10 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us! To Space!
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 11 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us! To Space! With a Few Sensors!
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 12 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us! To Space! With a Few Sensors! With their Help!
I n t e g r i t y - S e r v i c e - E x c e l l e n c e What is the DoD Enterprise DevSecOps Initiative? n Joint Program with OUSD(A&S), DoD CIO, U.S. Air Force, DISA and the Military Services. n Technology: n Avoid vendor lock-in at the Infrastructure and Platform Layer by leveraging FOSS with Kubernetes and OCI containers, n Creating the DoD Centralized Artifacts Repository (DCAR) of hardened and centrally accredited containers: selecting, certifying, and securing best of breed development tools and software capabilities (over 170+ containers) - https://dccscr.dsop.io/dsop/ and https://dcar.dsop.io n Baked-in Zero Trust Security with our Sidecar Container Security Stack (SCSS) leveraging behavior detection, zero trust down to the container/function level. n Leveraging a Scalable Microservices Architecture with Service Mesh/API Gateway and baked-in security (Istio) n Leveraging KNative to avoid lock-in to Cloud provider Serverless stacks n Bringing Enterprise IT Capabilities with Cloud One and Platform One – Cloud and DevSecOps as Managed Services capabilities, on-boarding and support! n Standardizing metrics and define acceptable thresholds for DoD-wide continuous Authority to Operate n Massive Scale Training with Self Learning Capabilities (train over 100K people within a year) and bring state of the art DevSecOps curriculum n Creating new Agile contracting language to enable and incentivize the use of DevSecOps 13
I n t e g r i t y - S e r v i c e - E x c e l l e n c e From Waterfall to DevSecOps 14
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Value for DoD Programs n Enables any DoD Program across DoD Services deploy a DoD hardened Software Factory, on their existing or new environments (including classified, disconnected and Clouds), within days instead of a year. Tremendous cost and time savings. n Multiple DevSecOps pipelines are available with various options (no one-size-fits-all) n Enables rapid prototyping (in days and not months or years) for any Business, C4ISR and Weapons system. Deployment in PRODUCTION! n Enables learning and continuous feedback from actual end-users (warfighters). n Enables bug and security fixes in minutes instead of weeks/months. n Enables automated testing and security. n Enables continuous Authorization to Operate (c-ATO) process. Authorize ONCE, use MANY times! n Brings a holistic and baked-in cybersecurity stack, gaining complete visibility of all assets, software security state and infrastructure as code. 15
I n t e g r i t y - S e r v i c e - E x c e l l e n c e “Cloud One” vs “Platform One by LevelUP” n Cloud One: n Centralized team to provide Cloud Infrastructure with baked-in security to DoD programs. Think of it as the Infrastructure team with baked-in security, CSSP and Authority to Operate (ATO). n Platform One by LevelUP: n Centralized team to provide DevSecOps/Software Factory with baked-in security to DoD Programs. Think of it as the Platform Team with the ability to deploy a DevSecOps (Kubernetes compliant) Platform and CI/CD pipeline with a Continuous ATO (c-ATO). You select from accredited tools to accelerate your ability to focus on delivering mission capabilities. 16
I n t e g r i t y - S e r v i c e - E x c e l l e n c e YOU Understanding the DevSecOps Layers Cloud One Platform One ContinuousMonitoring LeveragestheSidecarContainerSecurityStack CNCF compliant Kubernetes (K8S) Includes Site Reliability Engineers (SREs) etc. Development Team selects between approved K8S stacks Fully containerized, leverages DoD approved containers from DCAR Development Team selects tools from 172 approved containers or custom containers Brings baked-in security and Microservices architecture enablement Development Teams can build software/microservices leveraging hardened containers Infrastructure Layer Platform Layer Continuous Integration / Continuous Delivery (CI/CD) Layer Service Mesh Layer Application Layer
STORE ARTIFACTS SCALE MONITOR SECURE TEST BUILD “Continuous Integration & Continuous Delivery” Orchestration DoD Enterprise DevSecOps Technology Stack (Exemplar) PLAN & DEVELOP DEPLOY & OPERATE Container and Container Management
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Cloud One n Air Force Cloud Office with turnkey access to AWS GovCloud and Azure Government at IL2, 4 and 5. IL6 available by December 2019. n Simple “Pay per use” model with ability to instantiate your own Development and Production VPCs at various Impact Levels within days with full compliance/security and a baked-in ATO. n Enterprise Solution: we provide the guardrails to the cloud in a standard manner so you can focus on your mission n Fully Automated: All environmental stand-up is managed by Infrastructure as Code, drastically speeding up deployment, reducing manual work, and human error n Centralized Identities and Single-Sign-On (SSO): one login across the Cloud stack n Internet facing Cloud based VPN to connect to IL5 enclaves with a Virtual Internet Access Point (coming within January 2020). n DevSecOps Focused: secure, mission driven deployments are built into the framework to ensure self-service and seamless deployments. Leverages Zero Trust model. n Proactive Scaling and System Monitoring: Mission Owners can see all operational metrics and provide rules and alerts to manage each mission their way n Accreditation Inheritance has been identified in the AF-Cloud One eMASS accounts (AWS & Azure) to include inheritance from the CSP, USAF, DoD and CSSP. All that’s left for the mission is the controls that are unique to them. 19
I n t e g r i t y - S e r v i c e - E x c e l l e n c e “Platform One by LevelUP” The Air Force Software Factory Team n Merged top talent across U.S. Air Force from various Factories (Kessel Run, SpaceCAMP and UP. n Helps instantiate DevSecOps CI/CD pipelines / Software Factories within days at various classification levels. n Manages Software Factories for Development teams so they can focus on building mission applications. n Provides Blanket Purchase Agreement (BPA) DoD-wide DevSecOps contracts for Cloud Service, Talent and Licenses. Enables awards every 15/30 days with bulk discounts. n Decouples Development Teams from Factory teams with DevSecOps and Site Reliability Engineer (SRE) expertise. n Partners with Cloud One to provide IL2, 4, 5 and 6 access but also uses C2S/SC2S and various on-premise environments! n Self-learning and training capabilities to enable teams move to Scrum/Kanban/eXtreme Programming (XP) Agile practices. n Leverages the DoD hardened containers while avoiding one-size-fits-all architectures. n Fully compliant with the DoD Enterprise DevSecOps Initiative (DSOP) with DoD-wide reciprocity and an ATO. Leverages Zero Trust model. n Hardens the 172 DoD enterprise containers (databases, development tools, CI/CD tools, cybersecurity tools etc.). n Provides Software Enterprise Services with Collaboration tools, Cybersecurity tools, Source code repositories, Artifact repositories, Development tools, DevSecOps as a Service, Chats etc. These services will be MANAGED services on Cloud One. 20
I n t e g r i t y - S e r v i c e - E x c e l l e n c e “Platform One by LevelUP” Managed Services “A La Carte” n Hardened Containers Options n Delivery of hardened enterprise containers with accreditation reciprocity (existing containers only). n Delivery of custom hardened containers as needed. n Continuous Integration / Continuous Delivery (CI/CD) Options n Delivery of existing hardened Kubernetes/OpenShift/PKS playbooks (full Infrastructure as Code). n Delivery of a turnkey CI/CD pipeline (Software Factory) with complete « Infrastructure as Code » to instantiate on any environment (development teams picks the tools from the approved hardened containers) on various classified/unclassified environment. n Training/On-Boarding Options n 1-day training Session: introduction to DevSecOps. Overview and understanding of the vision and activities. n A 3 day introduction to LevelUP DevSecOps tech stack. Hands on code and User-Centered Design (UCD) to deploy your first demo app to production. n A several week full on-boarding, that concludes with an MVP ready for production. n A several month full on-boarding, that concludes with your platform team being able to support your own DevSecOps applications for development and production. n Customized training options (both at our locations or on your premises). n Contracting Support Options n Ability to leverage the DevSecOps BOAs (Cloud Services, Talent and Licenses). n Enable access to DevSecOps engineers/SREs Full-Time-Equivalent (FTEs) (Medics/Counselors) to assist Programs. 21
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DoD Enterprise DevSecOps Architecture
Bare-metal, GovCloud, AWS Secret, Azure Secret, mil Cloud, C2S, Jedi…*** Elasticsearch DoD Enterprise DevSecOps Platform** 23 DoD Enterprise DevSecOps Architecture* DevSecOps CI/CD pipeline** Kubernetes Optional Abstraction Layer with Red Hat OpenShift or PKS or CNCF compliant Kubernetes Product Artifacts Repository** Sidecar Container Security Stack Centralized DoD Enterprise DevSecOps Artifacts Repository Continuously Hardens Docker Public Images and Assesses Open Source Libraries pulls pulls Program Source code repository Application / Microservices built by DoD Programs. pulls *each DoD Program can have its own instantiation of the DoD Enterprise DevSecOps Platform on any Cloud. ** can be installed with single command and deployed on any Cloud. *** could be deployed inside an enclave or on- premises **** gives complete visibilities of assets, security/vulnerability state etc. can be integrated to existing cybersecurity shared services. DoD OCIO/DISA Centralized Logs/Telemetry****Fluentd Real- time pushes Per DoD Service for Service-wide Visibility Logs/Telemetry**** pulls pulls Microservices Architecture (ISTIO)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Microservices Architecture (ISTIO) 24 n Turnkey Service Mesh (ISTIO) architecture n ISTIO side car proxy, baked-in security, with visibility across containers, by default, without any developer interaction or code change n Benefits: n API Management, service discovery, authentication… n Dynamic request routing for A/B testing, gradual rollouts, canary releases, resilience, observability, retries, circuit breakers and fault injection n Layer 7 Load balancing n Zero Trust model: East/West Traffic Whitelisting, ACL, RBAC… n TLS encryption by default, Key management, signing…
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Sidecar Container Security Stack n Baked-in Zero Trust security down to the Container/Function level with Istio (Envoy) and Knative. n Centralized logging and telemetry with Elasticsearch, Fluentd, Kibana (EFK). n Container security: Continuous Scanning, Alerting, CVE scanning, Behavior detection both in development and production (Build, Registry, Runtime) with Twistlock n Container security and insider threat (custom policies detecting unapproved changes to Dockerfiles) with Anchore n Automated STIG compliance with OpenSCAP 25
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Platform Stack (continuously evolving)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (1) 27 Source Repository GitHub Government GitLab Container Management technologies: Kubernetes Openshift VMWare Tanzu PKS OKD Rancher (K8S only) D2IQ (K8S only) Docker EE (K8S only) Container Packagers: Helm Kubernetes Operators API Gateways Kong Azure API AWS API Axway 3Scale Apigee ISTIO (service mesh) Artifacts Artifactory Nexus Maven Archiva S3 bucket Programming Languages C/C++ C#/.NET .NET Core Java PHP Python Groovy Ruby R Rust Scala Perl Go Node.JS Swift Databases SQL Server MySQL PostgreSQL MongoDB SQLite Redis Elasticsearch Oracle etcd Hadoop/HDInsight Cloudera Oracle Big Data Solr Neo4J Memcached Cassandra MariaDB CouchDB InfluxDB (time)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (2) 28 Message bus/Streams Kafka Flink Nats RabbitMQ ActiveMQ Proxy Oauth2 proxy nginx ldap auth proxy openldap HA Proxy Visualization Tableau Kibana Logs Logstash Splunk Forwarder Fluentd Syslogd Filebeat rsyslog Webservers Apache2 Nginx IIS Lighttpd Tomcat Docker base images OS: Alpine Busybox Ubuntu Centos Debian Fedora Universal Base Image Serverless Knative
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (3) 29 Build MSBuild CMake Maven Gradle Apache Ant Tests suite Cucumber J-Unit Selenium TestingWhiz Watir Sahi Zephyr Vagrant AppVerify nosetests SoapUI LeanFT Test coverage JaCoCo Emma Cobertura codecov CI/CD Orchestration Jenkins (open source) CloudBees Jenkins GitLab Jenkins plugins Dozens (Need to verify security). Configuration Management / Delivery Puppet Chef Ansible Saltstack Security Tenable / Nessus Agents Fortify Twistlock Aqua SonarQBE Qualys StackRox Aporeto Snort OWASP ZAP Contrast Security OpenVAS Metasploit ThreadFix pylint JFrog Xray OpenSCAP (can check against DISA STIG) OpenControl for compliance documentation Security (2) Snyk Code Climate AJAX Spider Tanaguru (508 compliance) InSpec OWASP Dependency-Check Burp HBSS Anchore Checkmarx SD Elements Clair Docker Bench Security Notary Sysdig Layered Insight BlackDuck Nexus IQ/Lifecycle/Firewall
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (4) 30 Monitoring Sensu EFK (Elasticsearch, Fluentd, Kibana) Splunk Nagios New Relic Sentry Promotheus Grafana Kiali Collaboration Rocket.Chat Matter.Most PagerDuty Plan Jira Confluence Rally Redmine Pivotal Tracker Secrets Kubernetes Secrets Vault Credentials (Jenkins) CryptoMove SSO Keycloak Documentation Javadoc RDoc Sphinx Doxygen Cucumber phpDocumentator Pydoc Performance Apache AB Jmeter LoadRunner
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Legacy to DevSecOps => Strangler Pattern n Martin Fowler describes the Strangler Application: n One of the natural wonders of this area are the huge strangler vines. They seed in the upper branches of a fig tree and gradually work their way down the tree until they root in the soil. Over many years they grow into fantastic and beautiful shapes, meanwhile strangling and killing the tree that was their host. n To get there, the following steps were followed: n First, add a proxy, which sits between the legacy application and the user. Initially, this proxy doesn’t do anything but pass all traffic, unmodified, to the application. n Then, add new service (with its own database(s) and other supporting infrastructure) and link it to the proxy. Implement the first new page in this service. Then allow the proxy to serve traffic to that page (see below). n Add more pages, more functionality and potentially more services. Open up the proxy to the new pages and services. Repeat until all required functionality is handled by the new stack. n The monolith no longer serves traffic and can be switched off. n Learn more: https://www.ibm.com/developerworks/cloud/library/cl-strangler-application-pattern- microservices-apps-trs/index.html and https://www.michielrook.nl/2016/11/strangler-pattern-practice/ 31
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (1) n Recommended Videos (Part 1) n Watch our playlists, available at different expertise levels and continuously augmented! n Kafka / KSQL (message bus, pub/sub, event driven): n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlzz0zt03Ludtid7icrXBesg n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxxXX0oCzt7laO6mD61UIQw n Advanced: N/A n Kubernetes n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlydFzQzkYYDdQK7k5cEKubQ n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8dSFH_jFLK40Tt7KUXTN_ n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlytdAJiVqbHucWOvn5LrTNW 32
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (2) n Recommended Videos (Part 2) n Watch our playlists, available at different expertise levels and continuously augmented! n Service Mesh n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxtC4rDIMQ8QiG5UBCjz7VH n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlwWK_Y_Cas8Nyw-DsdbH6vl n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8VW2MFONMRwS_-2rSJwdn n Microservices n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlz_U2_RaONTGYLkz0lh-A_L n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxqjuAXxoRMjvspaEE8L2cB n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlw4CF4F4t3gVV3j0512CMsu 33
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (3) n Recommended Books n A Seat at the Table – by Mark Schwartz (former CIO of USCIS, leader in Agile) This book is highly recommended for ALL leadership as it is not technical but focused on the challenges around business, procurement and how leadership can enable DevOps across the organization and remove impediments. n The Phoenix Project – by the founders of DevOps n The DevOps Handbook – by Gene Kim, Patrick Debois. For those who drive to work like me (for hours), please note that these books are available as Audiobooks. 34
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Thank You! Nicolas Chaillan Chief Software Officer, U.S. Air Force usaf.cso@mail.mil
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Backup Slides
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Nicolas Chaillan - Presenter n Nicolas M. Chaillan is the Chief Software Officer at the U.S. Air Force and the Co-Lead for the DoD Enterprise DevSecOps Initiative. n He is the former Special Advisor for Cloud Security and DevSecOps at OSD, A&S. n He was the Special Advisor for Cybersecurity at the Department of Homeland Security and the Chief Architect for Cyber.gov, the new robust, innovative and holistic .Gov cyber security architecture for all .gov agencies. n Chaillan is a technology entrepreneur, software developer, cyber expert and inventor. He is recognized as one of France’s youngest entrepreneurs after founding his first company at 15 years of age. n With 19 years of international tech, entrepreneurial and management experience, Chaillan is the founder of more than 12 companies, including AFTER-MOUSE.COM, Prevent-Breach, anyGuest.com, and more. n Over the last eight years alone, he has created and sold over 180 innovative software products to 40 Fortune 500 companies. n Chaillan is recognized as a pioneer of the computer language PHP. 37 Chief Software Officer
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Thank You! Nicolas Chaillan Chief Software Officer, U.S. Air Force nicolas.m.chaillan.civ@mail.mil

Empfohlen

Observability at Scale
Observability at Scale Observability at Scale
Observability at Scale Knoldus Inc.
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptxMohammadSaif904342
 
Elastic-Engineering
Elastic-EngineeringElastic-Engineering
Elastic-EngineeringAraf Karsh Hamid
 
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseScaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseOpsta
 
Microservices, DevOps & SRE
Microservices, DevOps & SREMicroservices, DevOps & SRE
Microservices, DevOps & SREAraf Karsh Hamid
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...Splunk
 

Empfohlen

Observability at Scale
Observability at Scale Observability at Scale
Observability at Scale Knoldus Inc.
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptxMohammadSaif904342
 
Elastic-Engineering
Elastic-EngineeringElastic-Engineering
Elastic-EngineeringAraf Karsh Hamid
 
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseScaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseOpsta
 
Microservices, DevOps & SRE
Microservices, DevOps & SREMicroservices, DevOps & SRE
Microservices, DevOps & SREAraf Karsh Hamid
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...Splunk
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
Why to Cloud Native
Why to Cloud NativeWhy to Cloud Native
Why to Cloud NativeKarthik Gaekwad
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Cloud Center of Excellence
Cloud Center of ExcellenceCloud Center of Excellence
Cloud Center of ExcellenceJeremy Canale
 
Azure Application Modernization
Azure Application ModernizationAzure Application Modernization
Azure Application ModernizationKarina Matos
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextDaniel Bryant
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Improve monitoring and observability for kubernetes with oss tools
Improve monitoring and observability for kubernetes with oss toolsImprove monitoring and observability for kubernetes with oss tools
Improve monitoring and observability for kubernetes with oss toolsNilesh Gule
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...DevOps.com
 
Red Hat Openshift on Microsoft Azure
Red Hat Openshift on Microsoft AzureRed Hat Openshift on Microsoft Azure
Red Hat Openshift on Microsoft AzureJohn Archer
 
Unlocking the Cloud Operating Model: People, Process, Tools
Unlocking the Cloud Operating Model: People, Process, ToolsUnlocking the Cloud Operating Model: People, Process, Tools
Unlocking the Cloud Operating Model: People, Process, ToolsMitchell Pronschinske
 
Observability & Datadog
Observability & DatadogObservability & Datadog
Observability & DatadogJamesAnderson599331
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
DevOps
DevOpsDevOps
DevOpsGehad Elsayed
 
App dynamics and servicenow v5
App dynamics and servicenow v5App dynamics and servicenow v5
App dynamics and servicenow v5BrendanBooth
 
Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - ObservabilityAraf Karsh Hamid
 
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud StepsAccelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud StepsAmazon Web Services
 
Observability
ObservabilityObservability
ObservabilityEbru Cucen Çüçen
 
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxDoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxTomGrand4
 
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...scoopnewsgroup
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Cloud Center of Excellence
Cloud Center of ExcellenceCloud Center of Excellence
Cloud Center of ExcellenceJeremy Canale
 
Azure Application Modernization
Azure Application ModernizationAzure Application Modernization
Azure Application ModernizationKarina Matos
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextDaniel Bryant
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Improve monitoring and observability for kubernetes with oss tools
Improve monitoring and observability for kubernetes with oss toolsImprove monitoring and observability for kubernetes with oss tools
Improve monitoring and observability for kubernetes with oss toolsNilesh Gule
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...DevOps.com
 
Red Hat Openshift on Microsoft Azure
Red Hat Openshift on Microsoft AzureRed Hat Openshift on Microsoft Azure
Red Hat Openshift on Microsoft AzureJohn Archer
 
Unlocking the Cloud Operating Model: People, Process, Tools
Unlocking the Cloud Operating Model: People, Process, ToolsUnlocking the Cloud Operating Model: People, Process, Tools
Unlocking the Cloud Operating Model: People, Process, ToolsMitchell Pronschinske
 
App dynamics and servicenow v5
App dynamics and servicenow v5App dynamics and servicenow v5
App dynamics and servicenow v5BrendanBooth
 
Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - ObservabilityAraf Karsh Hamid
 
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud StepsAccelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud StepsAmazon Web Services
 

Was ist angesagt? (20)

Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Why to Cloud Native
Why to Cloud NativeWhy to Cloud Native
Why to Cloud Native
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
 
Cloud Center of Excellence
Cloud Center of ExcellenceCloud Center of Excellence
Cloud Center of Excellence
 
Azure Application Modernization
Azure Application ModernizationAzure Application Modernization
Azure Application Modernization
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Improve monitoring and observability for kubernetes with oss tools
Improve monitoring and observability for kubernetes with oss toolsImprove monitoring and observability for kubernetes with oss tools
Improve monitoring and observability for kubernetes with oss tools
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
 
Red Hat Openshift on Microsoft Azure
Red Hat Openshift on Microsoft AzureRed Hat Openshift on Microsoft Azure
Red Hat Openshift on Microsoft Azure
 
Unlocking the Cloud Operating Model: People, Process, Tools
Unlocking the Cloud Operating Model: People, Process, ToolsUnlocking the Cloud Operating Model: People, Process, Tools
Unlocking the Cloud Operating Model: People, Process, Tools
 
Observability & Datadog
Observability & DatadogObservability & Datadog
Observability & Datadog
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 
DevOps
DevOpsDevOps
DevOps
 
App dynamics and servicenow v5
App dynamics and servicenow v5App dynamics and servicenow v5
App dynamics and servicenow v5
 
Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - Observability
 
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud StepsAccelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
 
Observability
ObservabilityObservability
Observability
 

Ähnlich wie DevSecOps: The DoD Software Factory

DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxDoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxTomGrand4
 
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...scoopnewsgroup
 
DoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanDoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanHermanKBeta
 
DoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptxDoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptxfengerqiang
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through EducationGrant Ongers
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAlex Rhea
 
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenDev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenNadira Bajrei
 
Intro to Cloud Native _ v1.0en (2021/01)
Intro to Cloud Native _ v1.0en (2021/01)Intro to Cloud Native _ v1.0en (2021/01)
Intro to Cloud Native _ v1.0en (2021/01)Young Suk Ahn Park
 
7 flavours of devops implementation
7 flavours of devops implementation7 flavours of devops implementation
7 flavours of devops implementationAspire Systems
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
Dataverse in the European Open Science Cloud
Dataverse in the European Open Science CloudDataverse in the European Open Science Cloud
Dataverse in the European Open Science Cloudvty
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessMohammed A. Imran
 
DevSecOps: Security With DevOps
DevSecOps: Security With DevOpsDevSecOps: Security With DevOps
DevSecOps: Security With DevOpsKnoldus Inc.
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT LeadershipDevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT LeadershipBryan Len
 
Resume Deepthi Reddy
Resume Deepthi ReddyResume Deepthi Reddy
Resume Deepthi ReddyDeepthi Reddy
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE
 
Getting Started with Azure DevOps
Getting Started with Azure DevOpsGetting Started with Azure DevOps
Getting Started with Azure DevOpsJessica Deen
 

Ähnlich wie DevSecOps: The DoD Software Factory (20)

DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxDoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
 
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
 
DoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanDoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
 
DoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptxDoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptx
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through Education
 
DevSecOps on Azure
DevSecOps on AzureDevSecOps on Azure
DevSecOps on Azure
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container Adoption
 
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenDev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien Harisen
 
Intro to Cloud Native _ v1.0en (2021/01)
Intro to Cloud Native _ v1.0en (2021/01)Intro to Cloud Native _ v1.0en (2021/01)
Intro to Cloud Native _ v1.0en (2021/01)
 
7 flavours of devops implementation
7 flavours of devops implementation7 flavours of devops implementation
7 flavours of devops implementation
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
Dataverse in the European Open Science Cloud
Dataverse in the European Open Science CloudDataverse in the European Open Science Cloud
Dataverse in the European Open Science Cloud
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
 
DevSecOps: Security With DevOps
DevSecOps: Security With DevOpsDevSecOps: Security With DevOps
DevSecOps: Security With DevOps
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT LeadershipDevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
 
Resume Deepthi Reddy
Resume Deepthi ReddyResume Deepthi Reddy
Resume Deepthi Reddy
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
 
Getting Started with Azure DevOps
Getting Started with Azure DevOpsGetting Started with Azure DevOps
Getting Started with Azure DevOps
 

Mehr von scoopnewsgroup

2020: What's on Deck for the PMA
2020: What's on Deck for the PMA2020: What's on Deck for the PMA
2020: What's on Deck for the PMAscoopnewsgroup
 
Modernization Requires Choice
Modernization Requires ChoiceModernization Requires Choice
Modernization Requires Choicescoopnewsgroup
 
Smarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security ModernizationSmarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security Modernizationscoopnewsgroup
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
Building a Zero Trust Architecture
Building a Zero Trust ArchitectureBuilding a Zero Trust Architecture
Building a Zero Trust Architecturescoopnewsgroup
 
History of Data-Centric Transformation
History of Data-Centric TransformationHistory of Data-Centric Transformation
History of Data-Centric Transformationscoopnewsgroup
 
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?scoopnewsgroup
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trustscoopnewsgroup
 
Keeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & HappyKeeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & Happyscoopnewsgroup
 
It All Starts with Linux
It All Starts with LinuxIt All Starts with Linux
It All Starts with Linuxscoopnewsgroup
 
Leadership in the Digital Age
Leadership in the Digital AgeLeadership in the Digital Age
Leadership in the Digital Agescoopnewsgroup
 
Digital Transformation for Government
Digital Transformation for GovernmentDigital Transformation for Government
Digital Transformation for Governmentscoopnewsgroup
 
Enhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber RangeEnhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber Rangescoopnewsgroup
 
Lessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for CybersecurityLessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for Cybersecurityscoopnewsgroup
 
2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summit2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summitscoopnewsgroup
 
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...scoopnewsgroup
 

Mehr von scoopnewsgroup (20)

2020: What's on Deck for the PMA
2020: What's on Deck for the PMA2020: What's on Deck for the PMA
2020: What's on Deck for the PMA
 
Modernization Requires Choice
Modernization Requires ChoiceModernization Requires Choice
Modernization Requires Choice
 
Smarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security ModernizationSmarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security Modernization
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
 
Building a Zero Trust Architecture
Building a Zero Trust ArchitectureBuilding a Zero Trust Architecture
Building a Zero Trust Architecture
 
History of Data-Centric Transformation
History of Data-Centric TransformationHistory of Data-Centric Transformation
History of Data-Centric Transformation
 
IC Fireside Chat
IC Fireside ChatIC Fireside Chat
IC Fireside Chat
 
The Edge to AI
The Edge to AIThe Edge to AI
The Edge to AI
 
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
 
Keeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & HappyKeeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & Happy
 
Opening Remarks
Opening RemarksOpening Remarks
Opening Remarks
 
It All Starts with Linux
It All Starts with LinuxIt All Starts with Linux
It All Starts with Linux
 
Leadership in the Digital Age
Leadership in the Digital AgeLeadership in the Digital Age
Leadership in the Digital Age
 
Digital Transformation for Government
Digital Transformation for GovernmentDigital Transformation for Government
Digital Transformation for Government
 
Enhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber RangeEnhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber Range
 
Lessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for CybersecurityLessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for Cybersecurity
 
2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summit2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summit
 
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
 

Kürzlich hochgeladen

Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxtsionhagos36
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCongressional Budget Office
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...CedZabala
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos WebinarLinda Reinstein
 
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Call Girls in Nagpur High Profile
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...ResolutionFoundation
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)ahcitycouncil
 
2024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 282024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 28JSchaus & Associates
 
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escortsaditipandeya
 
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Hemant Purohit
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...aartirawatdelhi
 
Item # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfItem # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfahcitycouncil
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...tanu pandey
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With RoomVIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Roomishabajaj13
 

Kürzlich hochgeladen (20)

Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptx
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related Topics
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
 
How to Save a Place: 12 Tips To Research & Know the Threat
How to Save a Place: 12 Tips To Research & Know the ThreatHow to Save a Place: 12 Tips To Research & Know the Threat
How to Save a Place: 12 Tips To Research & Know the Threat
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar
 
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)
 
2024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 282024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 28
 
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
 
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
 
Item # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfItem # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdf
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCeCall Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With RoomVIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
 

DevSecOps: The DoD Software Factory

  • 1. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Headquarters U.S. Air Force Mr. Nicolas Chaillan Chief Software Officer, U.S. Air Force Co-Lead, DoD Enterprise DevSecOps Initiative v1.5 – UNCLASSFIED DoD Enterprise DevSecOps Initiative (Software Factory)
  • 2. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Problem Statement n The Department of Defense (DoD) is mostly still using Waterfall software methodologies with software delivery every 3 to 10 years, making it impossible to keep up with the pace of technology. n The DoD Authority to Operate (ATO) process to accredit software takes on average 8 months and is mostly manual with several testing and cybersecurity gates. n Most of the Defense Industrial Base (DIB) (the DoD contractors and developers) has not adopted an Agile and/or DevOps mindset. n Massive organization with large silos and large workforce. n Limited IT enterprise services, Cloud access and high speed connectivity. 3
  • 3. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 5 Must Rapidly Adapt To Challenges
  • 4. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 6 Must Adapt To Challenges Work as a Team!
  • 5. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 7 Must Adapt To Challenges Work as a Team! A Large Team!
  • 6. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 8 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies
  • 7. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 9 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us!
  • 8. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 10 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us! To Space!
  • 9. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 11 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us! To Space! With a Few Sensors!
  • 10. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Must Adapt to Challenges 12 Must Adapt To Challenges Work as a Team! A Large Team! With Various Technologies Bring It With Us! To Space! With a Few Sensors! With their Help!
  • 11. I n t e g r i t y - S e r v i c e - E x c e l l e n c e What is the DoD Enterprise DevSecOps Initiative? n Joint Program with OUSD(A&S), DoD CIO, U.S. Air Force, DISA and the Military Services. n Technology: n Avoid vendor lock-in at the Infrastructure and Platform Layer by leveraging FOSS with Kubernetes and OCI containers, n Creating the DoD Centralized Artifacts Repository (DCAR) of hardened and centrally accredited containers: selecting, certifying, and securing best of breed development tools and software capabilities (over 170+ containers) - https://dccscr.dsop.io/dsop/ and https://dcar.dsop.io n Baked-in Zero Trust Security with our Sidecar Container Security Stack (SCSS) leveraging behavior detection, zero trust down to the container/function level. n Leveraging a Scalable Microservices Architecture with Service Mesh/API Gateway and baked-in security (Istio) n Leveraging KNative to avoid lock-in to Cloud provider Serverless stacks n Bringing Enterprise IT Capabilities with Cloud One and Platform One – Cloud and DevSecOps as Managed Services capabilities, on-boarding and support! n Standardizing metrics and define acceptable thresholds for DoD-wide continuous Authority to Operate n Massive Scale Training with Self Learning Capabilities (train over 100K people within a year) and bring state of the art DevSecOps curriculum n Creating new Agile contracting language to enable and incentivize the use of DevSecOps 13
  • 12. I n t e g r i t y - S e r v i c e - E x c e l l e n c e From Waterfall to DevSecOps 14
  • 13. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Value for DoD Programs n Enables any DoD Program across DoD Services deploy a DoD hardened Software Factory, on their existing or new environments (including classified, disconnected and Clouds), within days instead of a year. Tremendous cost and time savings. n Multiple DevSecOps pipelines are available with various options (no one-size-fits-all) n Enables rapid prototyping (in days and not months or years) for any Business, C4ISR and Weapons system. Deployment in PRODUCTION! n Enables learning and continuous feedback from actual end-users (warfighters). n Enables bug and security fixes in minutes instead of weeks/months. n Enables automated testing and security. n Enables continuous Authorization to Operate (c-ATO) process. Authorize ONCE, use MANY times! n Brings a holistic and baked-in cybersecurity stack, gaining complete visibility of all assets, software security state and infrastructure as code. 15
  • 14. I n t e g r i t y - S e r v i c e - E x c e l l e n c e “Cloud One” vs “Platform One by LevelUP” n Cloud One: n Centralized team to provide Cloud Infrastructure with baked-in security to DoD programs. Think of it as the Infrastructure team with baked-in security, CSSP and Authority to Operate (ATO). n Platform One by LevelUP: n Centralized team to provide DevSecOps/Software Factory with baked-in security to DoD Programs. Think of it as the Platform Team with the ability to deploy a DevSecOps (Kubernetes compliant) Platform and CI/CD pipeline with a Continuous ATO (c-ATO). You select from accredited tools to accelerate your ability to focus on delivering mission capabilities. 16
  • 15. I n t e g r i t y - S e r v i c e - E x c e l l e n c e YOU Understanding the DevSecOps Layers Cloud One Platform One ContinuousMonitoring LeveragestheSidecarContainerSecurityStack CNCF compliant Kubernetes (K8S) Includes Site Reliability Engineers (SREs) etc. Development Team selects between approved K8S stacks Fully containerized, leverages DoD approved containers from DCAR Development Team selects tools from 172 approved containers or custom containers Brings baked-in security and Microservices architecture enablement Development Teams can build software/microservices leveraging hardened containers Infrastructure Layer Platform Layer Continuous Integration / Continuous Delivery (CI/CD) Layer Service Mesh Layer Application Layer
  • 16. STORE ARTIFACTS SCALE MONITOR SECURE TEST BUILD “Continuous Integration & Continuous Delivery” Orchestration DoD Enterprise DevSecOps Technology Stack (Exemplar) PLAN & DEVELOP DEPLOY & OPERATE Container and Container Management
  • 17. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Cloud One n Air Force Cloud Office with turnkey access to AWS GovCloud and Azure Government at IL2, 4 and 5. IL6 available by December 2019. n Simple “Pay per use” model with ability to instantiate your own Development and Production VPCs at various Impact Levels within days with full compliance/security and a baked-in ATO. n Enterprise Solution: we provide the guardrails to the cloud in a standard manner so you can focus on your mission n Fully Automated: All environmental stand-up is managed by Infrastructure as Code, drastically speeding up deployment, reducing manual work, and human error n Centralized Identities and Single-Sign-On (SSO): one login across the Cloud stack n Internet facing Cloud based VPN to connect to IL5 enclaves with a Virtual Internet Access Point (coming within January 2020). n DevSecOps Focused: secure, mission driven deployments are built into the framework to ensure self-service and seamless deployments. Leverages Zero Trust model. n Proactive Scaling and System Monitoring: Mission Owners can see all operational metrics and provide rules and alerts to manage each mission their way n Accreditation Inheritance has been identified in the AF-Cloud One eMASS accounts (AWS & Azure) to include inheritance from the CSP, USAF, DoD and CSSP. All that’s left for the mission is the controls that are unique to them. 19
  • 18. I n t e g r i t y - S e r v i c e - E x c e l l e n c e “Platform One by LevelUP” The Air Force Software Factory Team n Merged top talent across U.S. Air Force from various Factories (Kessel Run, SpaceCAMP and UP. n Helps instantiate DevSecOps CI/CD pipelines / Software Factories within days at various classification levels. n Manages Software Factories for Development teams so they can focus on building mission applications. n Provides Blanket Purchase Agreement (BPA) DoD-wide DevSecOps contracts for Cloud Service, Talent and Licenses. Enables awards every 15/30 days with bulk discounts. n Decouples Development Teams from Factory teams with DevSecOps and Site Reliability Engineer (SRE) expertise. n Partners with Cloud One to provide IL2, 4, 5 and 6 access but also uses C2S/SC2S and various on-premise environments! n Self-learning and training capabilities to enable teams move to Scrum/Kanban/eXtreme Programming (XP) Agile practices. n Leverages the DoD hardened containers while avoiding one-size-fits-all architectures. n Fully compliant with the DoD Enterprise DevSecOps Initiative (DSOP) with DoD-wide reciprocity and an ATO. Leverages Zero Trust model. n Hardens the 172 DoD enterprise containers (databases, development tools, CI/CD tools, cybersecurity tools etc.). n Provides Software Enterprise Services with Collaboration tools, Cybersecurity tools, Source code repositories, Artifact repositories, Development tools, DevSecOps as a Service, Chats etc. These services will be MANAGED services on Cloud One. 20
  • 19. I n t e g r i t y - S e r v i c e - E x c e l l e n c e “Platform One by LevelUP” Managed Services “A La Carte” n Hardened Containers Options n Delivery of hardened enterprise containers with accreditation reciprocity (existing containers only). n Delivery of custom hardened containers as needed. n Continuous Integration / Continuous Delivery (CI/CD) Options n Delivery of existing hardened Kubernetes/OpenShift/PKS playbooks (full Infrastructure as Code). n Delivery of a turnkey CI/CD pipeline (Software Factory) with complete « Infrastructure as Code » to instantiate on any environment (development teams picks the tools from the approved hardened containers) on various classified/unclassified environment. n Training/On-Boarding Options n 1-day training Session: introduction to DevSecOps. Overview and understanding of the vision and activities. n A 3 day introduction to LevelUP DevSecOps tech stack. Hands on code and User-Centered Design (UCD) to deploy your first demo app to production. n A several week full on-boarding, that concludes with an MVP ready for production. n A several month full on-boarding, that concludes with your platform team being able to support your own DevSecOps applications for development and production. n Customized training options (both at our locations or on your premises). n Contracting Support Options n Ability to leverage the DevSecOps BOAs (Cloud Services, Talent and Licenses). n Enable access to DevSecOps engineers/SREs Full-Time-Equivalent (FTEs) (Medics/Counselors) to assist Programs. 21
  • 20. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DoD Enterprise DevSecOps Architecture
  • 21. Bare-metal, GovCloud, AWS Secret, Azure Secret, mil Cloud, C2S, Jedi…*** Elasticsearch DoD Enterprise DevSecOps Platform** 23 DoD Enterprise DevSecOps Architecture* DevSecOps CI/CD pipeline** Kubernetes Optional Abstraction Layer with Red Hat OpenShift or PKS or CNCF compliant Kubernetes Product Artifacts Repository** Sidecar Container Security Stack Centralized DoD Enterprise DevSecOps Artifacts Repository Continuously Hardens Docker Public Images and Assesses Open Source Libraries pulls pulls Program Source code repository Application / Microservices built by DoD Programs. pulls *each DoD Program can have its own instantiation of the DoD Enterprise DevSecOps Platform on any Cloud. ** can be installed with single command and deployed on any Cloud. *** could be deployed inside an enclave or on- premises **** gives complete visibilities of assets, security/vulnerability state etc. can be integrated to existing cybersecurity shared services. DoD OCIO/DISA Centralized Logs/Telemetry****Fluentd Real- time pushes Per DoD Service for Service-wide Visibility Logs/Telemetry**** pulls pulls Microservices Architecture (ISTIO)
  • 22. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Microservices Architecture (ISTIO) 24 n Turnkey Service Mesh (ISTIO) architecture n ISTIO side car proxy, baked-in security, with visibility across containers, by default, without any developer interaction or code change n Benefits: n API Management, service discovery, authentication… n Dynamic request routing for A/B testing, gradual rollouts, canary releases, resilience, observability, retries, circuit breakers and fault injection n Layer 7 Load balancing n Zero Trust model: East/West Traffic Whitelisting, ACL, RBAC… n TLS encryption by default, Key management, signing…
  • 23. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Sidecar Container Security Stack n Baked-in Zero Trust security down to the Container/Function level with Istio (Envoy) and Knative. n Centralized logging and telemetry with Elasticsearch, Fluentd, Kibana (EFK). n Container security: Continuous Scanning, Alerting, CVE scanning, Behavior detection both in development and production (Build, Registry, Runtime) with Twistlock n Container security and insider threat (custom policies detecting unapproved changes to Dockerfiles) with Anchore n Automated STIG compliance with OpenSCAP 25
  • 24. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Platform Stack (continuously evolving)
  • 25. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (1) 27 Source Repository GitHub Government GitLab Container Management technologies: Kubernetes Openshift VMWare Tanzu PKS OKD Rancher (K8S only) D2IQ (K8S only) Docker EE (K8S only) Container Packagers: Helm Kubernetes Operators API Gateways Kong Azure API AWS API Axway 3Scale Apigee ISTIO (service mesh) Artifacts Artifactory Nexus Maven Archiva S3 bucket Programming Languages C/C++ C#/.NET .NET Core Java PHP Python Groovy Ruby R Rust Scala Perl Go Node.JS Swift Databases SQL Server MySQL PostgreSQL MongoDB SQLite Redis Elasticsearch Oracle etcd Hadoop/HDInsight Cloudera Oracle Big Data Solr Neo4J Memcached Cassandra MariaDB CouchDB InfluxDB (time)
  • 26. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (2) 28 Message bus/Streams Kafka Flink Nats RabbitMQ ActiveMQ Proxy Oauth2 proxy nginx ldap auth proxy openldap HA Proxy Visualization Tableau Kibana Logs Logstash Splunk Forwarder Fluentd Syslogd Filebeat rsyslog Webservers Apache2 Nginx IIS Lighttpd Tomcat Docker base images OS: Alpine Busybox Ubuntu Centos Debian Fedora Universal Base Image Serverless Knative
  • 27. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (3) 29 Build MSBuild CMake Maven Gradle Apache Ant Tests suite Cucumber J-Unit Selenium TestingWhiz Watir Sahi Zephyr Vagrant AppVerify nosetests SoapUI LeanFT Test coverage JaCoCo Emma Cobertura codecov CI/CD Orchestration Jenkins (open source) CloudBees Jenkins GitLab Jenkins plugins Dozens (Need to verify security). Configuration Management / Delivery Puppet Chef Ansible Saltstack Security Tenable / Nessus Agents Fortify Twistlock Aqua SonarQBE Qualys StackRox Aporeto Snort OWASP ZAP Contrast Security OpenVAS Metasploit ThreadFix pylint JFrog Xray OpenSCAP (can check against DISA STIG) OpenControl for compliance documentation Security (2) Snyk Code Climate AJAX Spider Tanaguru (508 compliance) InSpec OWASP Dependency-Check Burp HBSS Anchore Checkmarx SD Elements Clair Docker Bench Security Notary Sysdig Layered Insight BlackDuck Nexus IQ/Lifecycle/Firewall
  • 28. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (4) 30 Monitoring Sensu EFK (Elasticsearch, Fluentd, Kibana) Splunk Nagios New Relic Sentry Promotheus Grafana Kiali Collaboration Rocket.Chat Matter.Most PagerDuty Plan Jira Confluence Rally Redmine Pivotal Tracker Secrets Kubernetes Secrets Vault Credentials (Jenkins) CryptoMove SSO Keycloak Documentation Javadoc RDoc Sphinx Doxygen Cucumber phpDocumentator Pydoc Performance Apache AB Jmeter LoadRunner
  • 29. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Legacy to DevSecOps => Strangler Pattern n Martin Fowler describes the Strangler Application: n One of the natural wonders of this area are the huge strangler vines. They seed in the upper branches of a fig tree and gradually work their way down the tree until they root in the soil. Over many years they grow into fantastic and beautiful shapes, meanwhile strangling and killing the tree that was their host. n To get there, the following steps were followed: n First, add a proxy, which sits between the legacy application and the user. Initially, this proxy doesn’t do anything but pass all traffic, unmodified, to the application. n Then, add new service (with its own database(s) and other supporting infrastructure) and link it to the proxy. Implement the first new page in this service. Then allow the proxy to serve traffic to that page (see below). n Add more pages, more functionality and potentially more services. Open up the proxy to the new pages and services. Repeat until all required functionality is handled by the new stack. n The monolith no longer serves traffic and can be switched off. n Learn more: https://www.ibm.com/developerworks/cloud/library/cl-strangler-application-pattern- microservices-apps-trs/index.html and https://www.michielrook.nl/2016/11/strangler-pattern-practice/ 31
  • 30. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (1) n Recommended Videos (Part 1) n Watch our playlists, available at different expertise levels and continuously augmented! n Kafka / KSQL (message bus, pub/sub, event driven): n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlzz0zt03Ludtid7icrXBesg n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxxXX0oCzt7laO6mD61UIQw n Advanced: N/A n Kubernetes n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlydFzQzkYYDdQK7k5cEKubQ n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8dSFH_jFLK40Tt7KUXTN_ n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlytdAJiVqbHucWOvn5LrTNW 32
  • 31. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (2) n Recommended Videos (Part 2) n Watch our playlists, available at different expertise levels and continuously augmented! n Service Mesh n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxtC4rDIMQ8QiG5UBCjz7VH n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlwWK_Y_Cas8Nyw-DsdbH6vl n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8VW2MFONMRwS_-2rSJwdn n Microservices n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlz_U2_RaONTGYLkz0lh-A_L n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxqjuAXxoRMjvspaEE8L2cB n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlw4CF4F4t3gVV3j0512CMsu 33
  • 32. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (3) n Recommended Books n A Seat at the Table – by Mark Schwartz (former CIO of USCIS, leader in Agile) This book is highly recommended for ALL leadership as it is not technical but focused on the challenges around business, procurement and how leadership can enable DevOps across the organization and remove impediments. n The Phoenix Project – by the founders of DevOps n The DevOps Handbook – by Gene Kim, Patrick Debois. For those who drive to work like me (for hours), please note that these books are available as Audiobooks. 34
  • 33. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Thank You! Nicolas Chaillan Chief Software Officer, U.S. Air Force usaf.cso@mail.mil
  • 34. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Backup Slides
  • 35. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Nicolas Chaillan - Presenter n Nicolas M. Chaillan is the Chief Software Officer at the U.S. Air Force and the Co-Lead for the DoD Enterprise DevSecOps Initiative. n He is the former Special Advisor for Cloud Security and DevSecOps at OSD, A&S. n He was the Special Advisor for Cybersecurity at the Department of Homeland Security and the Chief Architect for Cyber.gov, the new robust, innovative and holistic .Gov cyber security architecture for all .gov agencies. n Chaillan is a technology entrepreneur, software developer, cyber expert and inventor. He is recognized as one of France’s youngest entrepreneurs after founding his first company at 15 years of age. n With 19 years of international tech, entrepreneurial and management experience, Chaillan is the founder of more than 12 companies, including AFTER-MOUSE.COM, Prevent-Breach, anyGuest.com, and more. n Over the last eight years alone, he has created and sold over 180 innovative software products to 40 Fortune 500 companies. n Chaillan is recognized as a pioneer of the computer language PHP. 37 Chief Software Officer
  • 36. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Thank You! Nicolas Chaillan Chief Software Officer, U.S. Air Force nicolas.m.chaillan.civ@mail.mil