1) The DevSecOps-London Gathering meets monthly to discuss topics related to integrating security into DevOps practices.
2) Over the past year and a half, they have covered topics such as threat modeling, security automation, container security, and scaling security operations.
3) Recent meetings have focused on Kubernetes and Istio security best practices.
2. WAYS TO STAY IN TOUCH
https://www.meetup.com/DevSecOps-London-Gathering
https://twitter.com/DevSecOps_LG
https://www.linkedin.com/company/devsecops-london-gathering
https://github.com/DevSecOps-LondonGathering
https://www.youtube.com/channel/UCR4oVMkRjNN2OQaWMiBcfJA
😇 🙏 🤮
3. THE JOURNEY SO FAR … 1
• September 2017
• DevSecOps Engineer
http://slides.com/chossrutter/securing#/17
• Project Management Experience: Security in Agile
https://www.slideshare.net/MichaelMan11/project-management-experience-security-in-agile-1309
• October 2017
• Practical Threat Modelling
http://slides.com/chossrutter/securing-6
• Threat Modelling Automation
http://slides.com/mattjoyce/automatetm#/
• December 2017
• Security Automation in DevOps
https://www.slideshare.net/MichaelMan11/dev-secops-testautomation
https://www.slideshare.net/MichaelMan11/dynaminet-devsecops
4. THE JOURNEY SO FAR … 2
• February 2018
• DevSecOps: The Evolution of DevOps
https://www.slideshare.net/MichaelMan11/devsecops-the-evolution-of-devops
• March 2018
• The mechanics behind how attackers exploit simple programming mistakes
https://www.slideshare.net/MichaelMan11/the-mechanics-behind-how-attackers-exploit-simple-programming-
mistakes
• April 2018
Secret Dragons – Harder To Execute
• https://www.slideshare.net/MichaelMan11/vulnerability-management-in-devsecops-easy-concept-but-
harder-to-execute
• https://www.slideshare.net/MichaelMan11/secret-management-journey-here-be-dragons-aka-secret-
dragons
5. THE JOURNEY SO FAR … 3
• May 2018
• Continuous Security: From tins to containers - now what!
https://www.slideshare.net/MichaelMan11/continuous-security-from-tins-to-containers-now-what
• June 2018
• The Bastion Server That Isn't There ...
https://www.slideshare.net/MichaelMan11/the-bastion-server-that-isnt-there-joshua-kite
• July 2018
• Scale Security For A Dollar Or Less
https://www.slideshare.net/secfigo/scale-security-for-a-dollar-or-less/
• Threat Modelling: The Ultimate DevSecOps
https://speakerdeck.com/zeroxten/threat-modeling-the-ultimate-devsecops
• Practical Steps For Securing Containers
https://www.slideshare.net/MichaelMan11/practical-steps-for-securing-containers-liz-rice
6. THE JOURNEY SO FAR … 4
• August 2018
• Bringing Rapid Prototyping To The Threat Model Process
https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs
• September 2018 [YouTube]
How To Save A Burning Programme! Aubrey Stearn
Implementing SAST IRL Kaveh Goudarzi and Michael Man
Micro Threat Modelling For Agile Delivery Works Chris Rutter
Real World Security Stuart Gunter
Vulnerability Management At Scale At Facebook Alexandre Fiori
• November 2018
Hot Topics: Multiple releases a day, what security testing should be considered and adopted?
7. THE JOURNEY SO FAR … 5
• January 2019 [YouTube]
• Kubernetes Security
https://www.slideshare.net/MichaelMan11/control-plane-continuous-kubernetes-security-devsecops-london-
gathering-january-2019
• Introduction to Istio
https://www.slideshare.net/MichaelMan11/matt-turner-istio-the-packetseye-view-devsecops-london-gathering-
january-2019
• Security Rationale for Istio
https://www.slideshare.net/MichaelMan11/control-plane-security-rationale-for-istio-devsecops-london-gathering-
january-2019
• February 2019
After taking a decision to establish DevSecOps mindset at an organisation, what key skills and
experience (cultural as well as technical) should I look for in a first hire?