14. How do you “shift left” incident response?
Those who build something define the procedures to fix it
Those who build something fix it when it breaks
1
2
15. How do you “shift left” incident response?
Those who build something define the procedures to fix it
Those who build something fix it when it breaks
1
2
16. How do you “shift left” incident response?
But...
Those who build something define the procedures to fix it
Those who build something fix it when it breaks
1
2
17. How do you “shift left” incident response?
But...
How do you safely and securely give out access?
Those who build something define the procedures to fix it
Those who build something fix it when it breaks
1
2
18. How do you “shift left” incident response?
But...
How do you safely and securely give out access?
How do you enable the experts to contribute remediations?
Those who build something define the procedures to fix it
Those who build something fix it when it breaks
1
2
19. How do you “shift left” incident response?
But...
How do you safely and securely give out access?
How do you enable the experts to contribute remediations?
How do you give visibility into operations?
Those who build something define the procedures to fix it
Those who build something fix it when it breaks
1
2
20. How do you “shift left” incident response?
But...
How do you safely and securely give out access?
How do you enable the experts to contribute remediations?
How do you give visibility into operations?
How do you do postmortems days/weeks/months later?
Those who build something define the procedures to fix it
Those who build something fix it when it breaks
1
2
24. Shift Left Step 3: Connect with Enterprise Management Systems
25. Shift Left Step 4: Make Compliance Really Happy
Who created the procedure?
Who reviewed it? Who? When? Where? Approval trail?
26. Pay for it with ROI outside of Security
Mark
Maun
Jody
Mulkey
Ticketmaster’s “Support at the Edge” model
• Empowered support teams with self-service ops tasks
• Automated Ops procedures written/vetted by the delivery teams
• Expanded who could take action, but ops remained in full control of
the policy
27. Pay for it with ROI outside of Security
Mark
Maun
Jody
Mulkey
Ticketmaster’s “Support at the Edge” model
• Empowered support teams with self-service ops tasks
• Automated Ops procedures written/vetted by the delivery teams
• Expanded who could take action, but ops remained in full control of
the policy
Sources: https://www.youtube.com/watch?v=_hr4KiB19bQ
http://rundeck.org/stories/mark_maun.html
• Removed multiple days of effort from throughout the lifecycle
• Reduced escalations by 30% - 40% and overall support incident
costs by 55%
• Reduced mean time to repair (MTTR) by 50% - 150%
28. Want to talk more about “shift left” and operations?
@alexhonor
alex@simplifyops.com
My colleague who
thinks a lot about
these solutions