SlideShare une entreprise Scribd logo

DevSecOps London Gathering March 2019 Recap

Télécharger en tant que PPTX, PDF
M
Michael Man

1) The DevSecOps-London Gathering meets monthly to discuss topics related to integrating security into DevOps practices. 2) Over the past year and a half, they have covered topics such as threat modeling, security automation, container security, and scaling security operations. 3) Recent meetings have focused on Kubernetes and Istio security best practices.

Technologie
1  sur  7
DevSecOps – London Gathering March 2019
WAYS TO STAY IN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/company/devsecops-london-gathering https://github.com/DevSecOps-LondonGathering https://www.youtube.com/channel/UCR4oVMkRjNN2OQaWMiBcfJA 😇 🙏 🤮
THE JOURNEY SO FAR … 1 • September 2017 • DevSecOps Engineer http://slides.com/chossrutter/securing#/17 • Project Management Experience: Security in Agile https://www.slideshare.net/MichaelMan11/project-management-experience-security-in-agile-1309 • October 2017 • Practical Threat Modelling http://slides.com/chossrutter/securing-6 • Threat Modelling Automation http://slides.com/mattjoyce/automatetm#/ • December 2017 • Security Automation in DevOps https://www.slideshare.net/MichaelMan11/dev-secops-testautomation https://www.slideshare.net/MichaelMan11/dynaminet-devsecops
THE JOURNEY SO FAR … 2 • February 2018 • DevSecOps: The Evolution of DevOps https://www.slideshare.net/MichaelMan11/devsecops-the-evolution-of-devops • March 2018 • The mechanics behind how attackers exploit simple programming mistakes https://www.slideshare.net/MichaelMan11/the-mechanics-behind-how-attackers-exploit-simple-programming- mistakes • April 2018 Secret Dragons – Harder To Execute • https://www.slideshare.net/MichaelMan11/vulnerability-management-in-devsecops-easy-concept-but- harder-to-execute • https://www.slideshare.net/MichaelMan11/secret-management-journey-here-be-dragons-aka-secret- dragons
THE JOURNEY SO FAR … 3 • May 2018 • Continuous Security: From tins to containers - now what! https://www.slideshare.net/MichaelMan11/continuous-security-from-tins-to-containers-now-what • June 2018 • The Bastion Server That Isn't There ... https://www.slideshare.net/MichaelMan11/the-bastion-server-that-isnt-there-joshua-kite • July 2018 • Scale Security For A Dollar Or Less https://www.slideshare.net/secfigo/scale-security-for-a-dollar-or-less/ • Threat Modelling: The Ultimate DevSecOps https://speakerdeck.com/zeroxten/threat-modeling-the-ultimate-devsecops • Practical Steps For Securing Containers https://www.slideshare.net/MichaelMan11/practical-steps-for-securing-containers-liz-rice
THE JOURNEY SO FAR … 4 • August 2018 • Bringing Rapid Prototyping To The Threat Model Process https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs • September 2018 [YouTube] How To Save A Burning Programme! Aubrey Stearn Implementing SAST IRL Kaveh Goudarzi and Michael Man Micro Threat Modelling For Agile Delivery Works Chris Rutter Real World Security Stuart Gunter Vulnerability Management At Scale At Facebook Alexandre Fiori • November 2018 Hot Topics: Multiple releases a day, what security testing should be considered and adopted?
THE JOURNEY SO FAR … 5 • January 2019 [YouTube] • Kubernetes Security https://www.slideshare.net/MichaelMan11/control-plane-continuous-kubernetes-security-devsecops-london- gathering-january-2019 • Introduction to Istio https://www.slideshare.net/MichaelMan11/matt-turner-istio-the-packetseye-view-devsecops-london-gathering- january-2019 • Security Rationale for Istio https://www.slideshare.net/MichaelMan11/control-plane-security-rationale-for-istio-devsecops-london-gathering- january-2019 • February 2019 After taking a decision to establish DevSecOps mindset at an organisation, what key skills and experience (cultural as well as technical) should I look for in a first hire?

Recommandé

Publish Your React Component
Publish Your React ComponentPublish Your React Component
Publish Your React ComponentMark Maximus Muskardin
 
Microservices - Voxxed Vilnius 2015
Microservices - Voxxed Vilnius 2015 Microservices - Voxxed Vilnius 2015
Microservices - Voxxed Vilnius 2015Tomasz Szymanski
 
KubeCon 2020 EU Virtual: How we migrated our monolith to K8s
KubeCon 2020 EU Virtual: How we migrated our monolith to K8sKubeCon 2020 EU Virtual: How we migrated our monolith to K8s
KubeCon 2020 EU Virtual: How we migrated our monolith to K8sMauricio (Salaboy) Salatino
 
Gradle
GradleGradle
GradleJéferson Machado
 
DevOps Indonesia Announcement at Home Credit Indonesia
DevOps Indonesia Announcement at Home Credit IndonesiaDevOps Indonesia Announcement at Home Credit Indonesia
DevOps Indonesia Announcement at Home Credit IndonesiaDevOps Indonesia
 
Final presentation switter
Final presentation switterFinal presentation switter
Final presentation switterSoyeongKim8
 
August 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringAugust 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringMichael Man
 
How Small Team Get Ready for SRE (public version)
How Small Team Get Ready for SRE (public version)How Small Team Get Ready for SRE (public version)
How Small Team Get Ready for SRE (public version)Setyo Legowo
 

Recommandé

Publish Your React Component
Publish Your React ComponentPublish Your React Component
Publish Your React ComponentMark Maximus Muskardin
 
Microservices - Voxxed Vilnius 2015
Microservices - Voxxed Vilnius 2015 Microservices - Voxxed Vilnius 2015
Microservices - Voxxed Vilnius 2015Tomasz Szymanski
 
KubeCon 2020 EU Virtual: How we migrated our monolith to K8s
KubeCon 2020 EU Virtual: How we migrated our monolith to K8sKubeCon 2020 EU Virtual: How we migrated our monolith to K8s
KubeCon 2020 EU Virtual: How we migrated our monolith to K8sMauricio (Salaboy) Salatino
 
Gradle
GradleGradle
GradleJéferson Machado
 
DevOps Indonesia Announcement at Home Credit Indonesia
DevOps Indonesia Announcement at Home Credit IndonesiaDevOps Indonesia Announcement at Home Credit Indonesia
DevOps Indonesia Announcement at Home Credit IndonesiaDevOps Indonesia
 
Final presentation switter
Final presentation switterFinal presentation switter
Final presentation switterSoyeongKim8
 
August 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringAugust 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringMichael Man
 
How Small Team Get Ready for SRE (public version)
How Small Team Get Ready for SRE (public version)How Small Team Get Ready for SRE (public version)
How Small Team Get Ready for SRE (public version)Setyo Legowo
 
DevOps checklist or how to understand where is your team in DevOps landscape ...
DevOps checklist or how to understand where is your team in DevOps landscape ...DevOps checklist or how to understand where is your team in DevOps landscape ...
DevOps checklist or how to understand where is your team in DevOps landscape ...Mikalai Alimenkou
 
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...Lviv Startup Club
 
DevSecOps Manchester - May 2019
DevSecOps Manchester - May 2019DevSecOps Manchester - May 2019
DevSecOps Manchester - May 2019Michael Man
 
Workshop About Software Engineering Skills 2019
Workshop About Software Engineering Skills 2019Workshop About Software Engineering Skills 2019
Workshop About Software Engineering Skills 2019PhuocNT (Fresher.VN)
 
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint Framework
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint FrameworkSwedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint Framework
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint FrameworkDavid Opdendries
 
Cross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentCross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentJeremy Likness
 
Modern SharePoint Development using Visual Studio Code
Modern SharePoint Development using Visual Studio CodeModern SharePoint Development using Visual Studio Code
Modern SharePoint Development using Visual Studio CodeJared Matfess
 
Extract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling SlidesExtract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling SlidesMichael Man
 
Xamarin tools
Xamarin toolsXamarin tools
Xamarin toolsKym Phillpotts
 
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"Daniel Bryant
 
Software development in the modern age
Software development in the modern ageSoftware development in the modern age
Software development in the modern ageRoy Wasse
 
Rakuten and Microsoft talk DevOps in Real World
Rakuten and Microsoft talk DevOps in Real WorldRakuten and Microsoft talk DevOps in Real World
Rakuten and Microsoft talk DevOps in Real WorldTsuyoshi Ushio
 
DevOps Dilemma - Make Dev work with Ops!
DevOps Dilemma - Make Dev work with Ops!DevOps Dilemma - Make Dev work with Ops!
DevOps Dilemma - Make Dev work with Ops!Sandeep Joshi
 
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...Cloud Security Alliance, UK chapter
 
Nsc42-CSA AGM is the cloud secure - is easy if you do it smart
Nsc42-CSA AGM is the cloud secure - is easy if you do it smartNsc42-CSA AGM is the cloud secure - is easy if you do it smart
Nsc42-CSA AGM is the cloud secure - is easy if you do it smartNSC42 Ltd
 
data-visulisation-for-agile-analytics-workshop.pptx
data-visulisation-for-agile-analytics-workshop.pptxdata-visulisation-for-agile-analytics-workshop.pptx
data-visulisation-for-agile-analytics-workshop.pptxSyahri Ramadhan
 
Portfolio
PortfolioPortfolio
PortfolioShrey Sangal
 
How to become senior .net developer
How to become senior .net developerHow to become senior .net developer
How to become senior .net developerTung Nguyen Thanh
 
SMC2015: Work Life Hacks
SMC2015: Work Life HacksSMC2015: Work Life Hacks
SMC2015: Work Life HacksAlex Moss
 
CI and CD with Visual Studio Team Services and Azure
CI and CD with Visual Studio Team Services and AzureCI and CD with Visual Studio Team Services and Azure
CI and CD with Visual Studio Team Services and AzureLennart Passig
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)Michael Man
 
K8S Certifications - Exam Cram
K8S Certifications - Exam CramK8S Certifications - Exam Cram
K8S Certifications - Exam CramMichael Man
 

Contenu connexe

Similaire à DevSecOps London Gathering March 2019 Recap

DevOps checklist or how to understand where is your team in DevOps landscape ...
DevOps checklist or how to understand where is your team in DevOps landscape ...DevOps checklist or how to understand where is your team in DevOps landscape ...
DevOps checklist or how to understand where is your team in DevOps landscape ...Mikalai Alimenkou
 
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...Lviv Startup Club
 
DevSecOps Manchester - May 2019
DevSecOps Manchester - May 2019DevSecOps Manchester - May 2019
DevSecOps Manchester - May 2019Michael Man
 
Workshop About Software Engineering Skills 2019
Workshop About Software Engineering Skills 2019Workshop About Software Engineering Skills 2019
Workshop About Software Engineering Skills 2019PhuocNT (Fresher.VN)
 
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint Framework
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint FrameworkSwedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint Framework
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint FrameworkDavid Opdendries
 
Cross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentCross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentJeremy Likness
 
Modern SharePoint Development using Visual Studio Code
Modern SharePoint Development using Visual Studio CodeModern SharePoint Development using Visual Studio Code
Modern SharePoint Development using Visual Studio CodeJared Matfess
 
Extract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling SlidesExtract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling SlidesMichael Man
 
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"Daniel Bryant
 
Software development in the modern age
Software development in the modern ageSoftware development in the modern age
Software development in the modern ageRoy Wasse
 
Rakuten and Microsoft talk DevOps in Real World
Rakuten and Microsoft talk DevOps in Real WorldRakuten and Microsoft talk DevOps in Real World
Rakuten and Microsoft talk DevOps in Real WorldTsuyoshi Ushio
 
DevOps Dilemma - Make Dev work with Ops!
DevOps Dilemma - Make Dev work with Ops!DevOps Dilemma - Make Dev work with Ops!
DevOps Dilemma - Make Dev work with Ops!Sandeep Joshi
 
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...Cloud Security Alliance, UK chapter
 
Nsc42-CSA AGM is the cloud secure - is easy if you do it smart
Nsc42-CSA AGM is the cloud secure - is easy if you do it smartNsc42-CSA AGM is the cloud secure - is easy if you do it smart
Nsc42-CSA AGM is the cloud secure - is easy if you do it smartNSC42 Ltd
 
data-visulisation-for-agile-analytics-workshop.pptx
data-visulisation-for-agile-analytics-workshop.pptxdata-visulisation-for-agile-analytics-workshop.pptx
data-visulisation-for-agile-analytics-workshop.pptxSyahri Ramadhan
 
How to become senior .net developer
How to become senior .net developerHow to become senior .net developer
How to become senior .net developerTung Nguyen Thanh
 
SMC2015: Work Life Hacks
SMC2015: Work Life HacksSMC2015: Work Life Hacks
SMC2015: Work Life HacksAlex Moss
 
CI and CD with Visual Studio Team Services and Azure
CI and CD with Visual Studio Team Services and AzureCI and CD with Visual Studio Team Services and Azure
CI and CD with Visual Studio Team Services and AzureLennart Passig
 

Similaire à DevSecOps London Gathering March 2019 Recap (20)

DevOps checklist or how to understand where is your team in DevOps landscape ...
DevOps checklist or how to understand where is your team in DevOps landscape ...DevOps checklist or how to understand where is your team in DevOps landscape ...
DevOps checklist or how to understand where is your team in DevOps landscape ...
 
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...
Кіра Гончарова "Learn and share experience by Dev-Pro: how to develop PM comm...
 
DevSecOps Manchester - May 2019
DevSecOps Manchester - May 2019DevSecOps Manchester - May 2019
DevSecOps Manchester - May 2019
 
Workshop About Software Engineering Skills 2019
Workshop About Software Engineering Skills 2019Workshop About Software Engineering Skills 2019
Workshop About Software Engineering Skills 2019
 
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint Framework
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint FrameworkSwedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint Framework
Swedish SharePoint UserGroup Göteborg Oct 5 2016 SharePoint Framework
 
Cross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentCross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript Development
 
Modern SharePoint Development using Visual Studio Code
Modern SharePoint Development using Visual Studio CodeModern SharePoint Development using Visual Studio Code
Modern SharePoint Development using Visual Studio Code
 
Extract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling SlidesExtract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling Slides
 
Xamarin tools
Xamarin toolsXamarin tools
Xamarin tools
 
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"
GOTO Chicago/CraftConf 2017 "The Seven (More) Deadly Sins of Microservices"
 
Software development in the modern age
Software development in the modern ageSoftware development in the modern age
Software development in the modern age
 
Rakuten and Microsoft talk DevOps in Real World
Rakuten and Microsoft talk DevOps in Real WorldRakuten and Microsoft talk DevOps in Real World
Rakuten and Microsoft talk DevOps in Real World
 
DevOps Dilemma - Make Dev work with Ops!
DevOps Dilemma - Make Dev work with Ops!DevOps Dilemma - Make Dev work with Ops!
DevOps Dilemma - Make Dev work with Ops!
 
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
 
Nsc42-CSA AGM is the cloud secure - is easy if you do it smart
Nsc42-CSA AGM is the cloud secure - is easy if you do it smartNsc42-CSA AGM is the cloud secure - is easy if you do it smart
Nsc42-CSA AGM is the cloud secure - is easy if you do it smart
 
data-visulisation-for-agile-analytics-workshop.pptx
data-visulisation-for-agile-analytics-workshop.pptxdata-visulisation-for-agile-analytics-workshop.pptx
data-visulisation-for-agile-analytics-workshop.pptx
 
Portfolio
PortfolioPortfolio
Portfolio
 
How to become senior .net developer
How to become senior .net developerHow to become senior .net developer
How to become senior .net developer
 
SMC2015: Work Life Hacks
SMC2015: Work Life HacksSMC2015: Work Life Hacks
SMC2015: Work Life Hacks
 
CI and CD with Visual Studio Team Services and Azure
CI and CD with Visual Studio Team Services and AzureCI and CD with Visual Studio Team Services and Azure
CI and CD with Visual Studio Team Services and Azure
 

Plus de Michael Man

5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)Michael Man
 
K8S Certifications - Exam Cram
K8S Certifications - Exam CramK8S Certifications - Exam Cram
K8S Certifications - Exam CramMichael Man
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)Michael Man
 
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...Michael Man
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...Michael Man
 
Sept 2019 - DSO-LG Tooling Examples
Sept 2019 - DSO-LG Tooling ExamplesSept 2019 - DSO-LG Tooling Examples
Sept 2019 - DSO-LG Tooling ExamplesMichael Man
 
Chris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickChris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickMichael Man
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Michael Man
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Michael Man
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...Michael Man
 
DevSecOps - London Gathering : June 2018
DevSecOps - London Gathering : June 2018DevSecOps - London Gathering : June 2018
DevSecOps - London Gathering : June 2018Michael Man
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Michael Man
 
The mechanics behind how attackers exploit simple programming mistakes ...
The mechanics behind how attackers exploit simple programming mistakes ...The mechanics behind how attackers exploit simple programming mistakes ...
The mechanics behind how attackers exploit simple programming mistakes ...Michael Man
 
Secret Management Journey - Here Be Dragons aka Secret Dragons
Secret Management Journey - Here Be Dragons aka Secret DragonsSecret Management Journey - Here Be Dragons aka Secret Dragons
Secret Management Journey - Here Be Dragons aka Secret DragonsMichael Man
 
DevSecOps March 2018 - Extract
DevSecOps March 2018 - ExtractDevSecOps March 2018 - Extract
DevSecOps March 2018 - ExtractMichael Man
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsMichael Man
 
Dynaminet -DevSecOps
Dynaminet -DevSecOpsDynaminet -DevSecOps
Dynaminet -DevSecOpsMichael Man
 
DevSecOps: Test Automation
DevSecOps: Test AutomationDevSecOps: Test Automation
DevSecOps: Test AutomationMichael Man
 
Project management experience security in agile 1309
Project management experience security in agile 1309Project management experience security in agile 1309
Project management experience security in agile 1309Michael Man
 

Plus de Michael Man (19)

5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
 
K8S Certifications - Exam Cram
K8S Certifications - Exam CramK8S Certifications - Exam Cram
K8S Certifications - Exam Cram
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
 
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
 
Sept 2019 - DSO-LG Tooling Examples
Sept 2019 - DSO-LG Tooling ExamplesSept 2019 - DSO-LG Tooling Examples
Sept 2019 - DSO-LG Tooling Examples
 
Chris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickChris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security Brick
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
 
DevSecOps - London Gathering : June 2018
DevSecOps - London Gathering : June 2018DevSecOps - London Gathering : June 2018
DevSecOps - London Gathering : June 2018
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
 
The mechanics behind how attackers exploit simple programming mistakes ...
The mechanics behind how attackers exploit simple programming mistakes ...The mechanics behind how attackers exploit simple programming mistakes ...
The mechanics behind how attackers exploit simple programming mistakes ...
 
Secret Management Journey - Here Be Dragons aka Secret Dragons
Secret Management Journey - Here Be Dragons aka Secret DragonsSecret Management Journey - Here Be Dragons aka Secret Dragons
Secret Management Journey - Here Be Dragons aka Secret Dragons
 
DevSecOps March 2018 - Extract
DevSecOps March 2018 - ExtractDevSecOps March 2018 - Extract
DevSecOps March 2018 - Extract
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
 
Dynaminet -DevSecOps
Dynaminet -DevSecOpsDynaminet -DevSecOps
Dynaminet -DevSecOps
 
DevSecOps: Test Automation
DevSecOps: Test AutomationDevSecOps: Test Automation
DevSecOps: Test Automation
 
Project management experience security in agile 1309
Project management experience security in agile 1309Project management experience security in agile 1309
Project management experience security in agile 1309
 

Dernier

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Dernier (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

DevSecOps London Gathering March 2019 Recap

  • 1. DevSecOps – London Gathering March 2019
  • 2. WAYS TO STAY IN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/company/devsecops-london-gathering https://github.com/DevSecOps-LondonGathering https://www.youtube.com/channel/UCR4oVMkRjNN2OQaWMiBcfJA 😇 🙏 🤮
  • 3. THE JOURNEY SO FAR … 1 • September 2017 • DevSecOps Engineer http://slides.com/chossrutter/securing#/17 • Project Management Experience: Security in Agile https://www.slideshare.net/MichaelMan11/project-management-experience-security-in-agile-1309 • October 2017 • Practical Threat Modelling http://slides.com/chossrutter/securing-6 • Threat Modelling Automation http://slides.com/mattjoyce/automatetm#/ • December 2017 • Security Automation in DevOps https://www.slideshare.net/MichaelMan11/dev-secops-testautomation https://www.slideshare.net/MichaelMan11/dynaminet-devsecops
  • 4. THE JOURNEY SO FAR … 2 • February 2018 • DevSecOps: The Evolution of DevOps https://www.slideshare.net/MichaelMan11/devsecops-the-evolution-of-devops • March 2018 • The mechanics behind how attackers exploit simple programming mistakes https://www.slideshare.net/MichaelMan11/the-mechanics-behind-how-attackers-exploit-simple-programming- mistakes • April 2018 Secret Dragons – Harder To Execute • https://www.slideshare.net/MichaelMan11/vulnerability-management-in-devsecops-easy-concept-but- harder-to-execute • https://www.slideshare.net/MichaelMan11/secret-management-journey-here-be-dragons-aka-secret- dragons
  • 5. THE JOURNEY SO FAR … 3 • May 2018 • Continuous Security: From tins to containers - now what! https://www.slideshare.net/MichaelMan11/continuous-security-from-tins-to-containers-now-what • June 2018 • The Bastion Server That Isn't There ... https://www.slideshare.net/MichaelMan11/the-bastion-server-that-isnt-there-joshua-kite • July 2018 • Scale Security For A Dollar Or Less https://www.slideshare.net/secfigo/scale-security-for-a-dollar-or-less/ • Threat Modelling: The Ultimate DevSecOps https://speakerdeck.com/zeroxten/threat-modeling-the-ultimate-devsecops • Practical Steps For Securing Containers https://www.slideshare.net/MichaelMan11/practical-steps-for-securing-containers-liz-rice
  • 6. THE JOURNEY SO FAR … 4 • August 2018 • Bringing Rapid Prototyping To The Threat Model Process https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs • September 2018 [YouTube] How To Save A Burning Programme! Aubrey Stearn Implementing SAST IRL Kaveh Goudarzi and Michael Man Micro Threat Modelling For Agile Delivery Works Chris Rutter Real World Security Stuart Gunter Vulnerability Management At Scale At Facebook Alexandre Fiori • November 2018 Hot Topics: Multiple releases a day, what security testing should be considered and adopted?
  • 7. THE JOURNEY SO FAR … 5 • January 2019 [YouTube] • Kubernetes Security https://www.slideshare.net/MichaelMan11/control-plane-continuous-kubernetes-security-devsecops-london- gathering-january-2019 • Introduction to Istio https://www.slideshare.net/MichaelMan11/matt-turner-istio-the-packetseye-view-devsecops-london-gathering- january-2019 • Security Rationale for Istio https://www.slideshare.net/MichaelMan11/control-plane-security-rationale-for-istio-devsecops-london-gathering- january-2019 • February 2019 After taking a decision to establish DevSecOps mindset at an organisation, what key skills and experience (cultural as well as technical) should I look for in a first hire?