SlideShare a Scribd company logo

NewOps Days 2019: The New Ways of Chaos, Security, and DevOps

James Wickett
James Wickett

DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new an ethos for security. This is good, however moving security and devops closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And where does= chaos engineering fit in? This talk highlights security's place in DevOps and how topics ranging from empathy to chaos to system safety fit in organizations today. The hope is to uncover a new playbook for devs, ops, and security to work together.

Software
1 of 157
Download to read offline
JAMES WICKETT Sr. Sec Eng & Dev Advocate @ Verica Author, LinkedIn Learning Organizer, DevOps Days Austin, Serverless Days ATX, DevSecOps Days Austin Author, DevSecOps Handbook (In progress) @wickett
wickett@verica.io
VERICA.IO An enterprise platform for Continuous Verification, using Chaos Engineering principles, to take a proactive and measured approach to preventing availability and security incidents. @wickett
DEVSECOPS @wickett
credit to Josh Zimmerman, the original DevOps Jack Handy
DEVSECOPS @wickett
BUT, WHY? @wickett
FIRST, UNDERSTAND DEVOPS AND HOW WE GOT HERE @wickett
TEH CLOUD @wickett
DATASo Big Right Now @wickett
ALL THE WAY DOWN @wickett
YASSS! OPS (and security) FOR FREE!@wickett
DevOps grew hand-in-hand with cloud @wickett
DEVOPS WAS INEVITABLE @wickett
DevOps is the inevitable result of needing to do efficient operations in a distributed computing and cloud environment. Tom Limoncelli @wickett
DevOps is an epistemological breakthrough joining disparate people around a common problem @wickett
DevOps was needed to fix the inequitable distribution of labor @wickett
10:1 DEV:OPS @wickett
DevOps is not a technological problem. DevOps is a business problem. - Damon Edwards @wickett
DevOps is just another waypoint on Agile's journey across the business @wickett
DevOps is the application of Agile methodology to system administration — The Practice of Cloud System Administration Book @wickett
Ok DevOps, that's fine. But why DevSecOps? @wickett
I ASKED MYSELF THIS SAME QUESTION @wickett
@wickett
Security finds itself in the same position that operations did in the movement of DevOps @wickett
100:10:1 DEV:OPS:SEC @wickett
SILOIZATION @wickett
Security, like ops struggles to provide value in most organizations @wickett
Companies are spending a great deal on security, but we read of massive computer-related attacks. Clearly something is wrong. The root of the problem is twofold: we’re protecting the wrong things, and we’re hurting productivity in the process. @wickett
[Security by risk assessment] introduces a dangerous fallacy: that structured inadequacy is almost as good as adequacy and that underfunded security efforts plus risk management are about as good as properly funded security work @wickett
While engineering teams are busy deploying leading-edge technologies, security teams are still focused on fighting yesterday’s battles. SANS 2018 DevSecOps Survey @wickett
95%OF SECURITY PROFESSIONALS SPEND THEIR TIME PROTECTING LEGACY APPLICATIONS @wickett
TECH BURDEN CAN ONLY BE TRANSFERRED @wickett
SECURITY BURDEN IS NOT CREATED OR DESTROYED, MERELY TRANSFERRED @wickett
"MANY SECURITY TEAMS WORK WITH A WORLDVIEW WHERE THEIR GOAL IS TO inhibit change AS MUCH AS POSSIBLE" @wickett
New technology (cloud, k8s, serverless, ...) and increased organization focus on software delivery is why we need DevSecOps. @wickett
A Highly Desireable New Breed: THE DEVSECOP @wickett
...not a tool …not a CI/CD pipeline with security in it ...can’t be bought on an expo floor @wickett
An inclusive person participating in the movement of security into devops. @wickett
DEVSECOPS @wickett
DEVSECOPS FRAMEWORK: MEASURE@wickett
MEASURE DEVSECOPS Maker Driven Experimenting Automating Safety Aware Unrestrained Sharing Ruggedizing Empathy First
MEASURE @wickett
MAKER DRIVEN @wickett
We are software engineers who specialize in a specific discipline: security @wickett
SECURITY MUST BE ABLE TO WRITE CODE@wickett
Why is this considered a hot take in our industry? @wickett
With all the resources available today... @wickett
ADOPT THE MAKER MINDSET @wickett
SECURITY ALREADY USES DSLS @wickett
The Entire Security Team Must Write Code Shannon Lietz, Intuit Aaron Rinehart, United Health Group @wickett
WHY IS THIS IMPORTANT? ▸ Empathy building ▸ Familiarity with tools ▸ Able to move up the pipeline @wickett
A BUG IS A BUG IS A BUG @wickett
Defect Density studies range from .5 to 10 defects per KLOC @wickett
DEFECT DENSITY IS NEVER ZERO @wickett
But my application is just a few lines of code @wickett
222 Lines of Code 5 Direct Dependencies 54 total deps (including indirect) (example from snyk.io) @wickett
460,046 LOC @wickett
You cannot train developers to write secure code @wickett
INSTEAD, FOCUS ON METHODS DEVELOPERS USE ▸ TDD/BDD/ATDD ▸ Meaningful comments/commits ▸ Code Smells, Refactoring ▸ Instrumentation @wickett
The goal should be to come up with a set of automated tests that probe and check security configurations and runtime system behavior for security features that will execute every time the system is built and every time it is deployed.
Security is connected with quality @wickett
MAKER DRIVEN means ▸ See security as part of engineering ▸ View quality as a way to bring security in ▸ Use code, not vendors to solve problems @wickett
MEASURE @wickett
EXPERIMENTING(AND LEARNING) @wickett
BENEFITS TO EXPERIMENTATION ▸ Measured, Repeatable ▸ Results based on your needs @wickett
@wickett
DETECT WHAT MATTERS ▸ Account takeover attempts ▸ Areas of the site under attack ▸ Most likely vectors of attack ▸ Business logic flows ▸ Abuse and Misuse @wickett
We can't cede home field advantage — Zane Lackey @wickett
EXPERIMENTING NECESSITATES UNDERSTANDING STEADY STATE @wickett
RESOURCES ▸ Shannon Lietz (@devsecops) ▸ DOES 2018 Talk: youtu.be/ yuOuVC8xljw @wickett
MEASURE @wickett
AUTOMATION OF THINGS @wickett
@wickett
@wickett
AUTOMATION PROVIDES FEEDBACK ▸ Pre-commit ▸ At build ▸ Deploy ▸ Runtime @wickett
@wickett
Continuous Delivery is how little you can deploy at one time — Jez Humble & David Farley @wickett
At Signal Sciences, we optimized total cycle time--from code commit to running in prod @wickett
15,000 DEPLOYS IN 3.5 YEARS @wickett
SECURITY IN THE PIPELINE ▸ Software composition analysis ▸ Lang linters, git-hound, ... ▸ Scanners, gauntlt ▸ Monitoring and telemetry @wickett
[Deploys] can be treated as standard or routine changes that have been pre-approved by management, and that don’t require a heavyweight change review meeting.
RESOURCES @wickett
linkedin.com/learning/devsecops-building- a-secure-continuous-delivery-pipeline @wickett
linkedin.com/learning/devsecops- automated-security-testing @wickett
MEASURE @wickett
SAFETY FOR COMPLEX SYSTEMS @wickett
Two Stories of Failure @wickett
A PERSONAL PLIGHT @wickett
@wickett
5 Why's and Linear Questioning is Flawed @wickett
WE ABSTRACT COMPLEXITY ▸ Human beings ▸ Societial issues ▸ Psychological issues ▸ Cognitive load @wickett
SOFTWARE DEALS WITH COMPLEXITY THROUGH ABSTRACTION @wickett
ROOT CAUSE IS A MYTH ▸ Lacks full picture ▸ Blame culture ▸ Forgets organizational decisions ▸ Puts the focus on the event over situation ▸ Complex systems are not linear @wickett
Drifting into failure is a gradual, incremental decline into disaster driven by environmental pressure, unruly technology and social proccesses that normalize growing risk. No organization is exempt from drifting into failure
BOEING 737MAX ▸ Maneuvering Characteristics Augmentation System (MCAS) keeps the bigger plane from stalling ▸ In certain situations, MCAS commands the trim in this condition without notifying the pilots ▸ The MCAS is automation software @wickett
▸ Events unfolded in minutes ▸ Software was fighting the pilots silently ▸ The "system" was mimicking every 737 they had ever operated @jpaulreed
HIGH-SPEED DECISION MAKING SOUNDS FAMILIAR, DOESN'T IT? @wickett
SOFTWARE IS EATING THE WORLD @wickett
The growth of complexity in society has got ahead of our understainding of how complex systems work and fail
@wickett
@wickett
Operations and Security's burden to rationalize system models @wickett
Failures are a systems problem because there is not enough safety margin. — @adrianco
Failure is an inevitable by- product of a complex system's normal functioning
WHERE SECURITY FITS ▸ Add safety margin ▸ Telemetry and instrumentation ▸ Blameless retros ▸ ...more to explore in this area @wickett
RESOURCES ▸ Drift into Failure by Dekker ▸ Understanding Human Error Video Series youtu.be/Fw3SwEXc3PU ▸ @jpaulreed coverage of Boeing medium.com/@jpaulreed ▸ Richard Cook paper bit.ly/2ydDQS2 @wickett
MEASURE @wickett
UNRESTRAINED SHARING @wickett
Culture is the most important aspect to devops succeeding in the enterprise — Patrick DeBois
DevSecOps is the extension of the DevOps culture for the inclusion of Security @wickett
A security team who embraces openness about what it does and why, spreads understanding. — Rich Smith
SHARING AFFECTS CULTURE @wickett
Unrestrained Sharing goes against security's standard operating procedure @wickett
IT MIGHT FEEL UNCOMFORTABLE @wickett
SHARING BREAKS DOWN SILOS@wickett
FOUR KEYS TO CULTURE ▸ Mutual Understanding ▸ Shared Language ▸ Shared Views ▸ Collaborative Tooling @wickett
@wickett
SECURITY SHARES THROUGH ▸ Making invisible as visible ▸ Security Observability ▸ APIs, webhooks, dev tooling @wickett
Security Observability gives applications the ability to expose the attacks that are happening below the surface with feedback to devs, ops, and security. @wickett
A PAVED ROAD APPROACH ▸ Security as normal ▸ Security is "free" ▸ Jason Chan and Netflix
THIS INCLUDES THE AUDITORS@wickett
RESOURCES ▸ Phoenix Project ▸ Agile Application Security ▸ dearauditor.org @wickett
MEASURE @wickett
RUGGEDIZATION @wickett
SOFTWARE BILL OF MATERIALS KNOW WHAT YOU HAVE @wickett
FAVOR SHORT LIVED SYSTEMS CATTLE NOT PETS @wickett
DIE FRAMEWORK ▸ Distributed ▸ Immutable ▸ Ephemeral ▸ source: @sounilyu @wickett
RUGGEDIZATION IN 2020 ▸ Deception ▸ Chaos Engineering @wickett
DECEPTION ▸ Honeypots, Tarpits, Mantraps ▸ Simple to get started (http headers) ▸ HoneyPy, DeceptionLogic @wickett
We’re moving from disaster recovery to chaos engineering to resiliency — @adrianco @wickett
[Chaos Engineering is] empirical rather than formal. We don’t use models to understand what the system should do. We run experiments to learn what it does. — Michael Nygard, Release It 2nd Ed. @wickett
CHAOS ENGINEERING ▸ Experiments that span eng and security ▸ Manual opt-out ▸ Valuable Learning ▸ ChaosSlingr, CHAP, ChaosMonkey @wickett
RESOURCES ▸ Aaron Rinehart's talk at RSA youtu.be/wLlME4Ve1go ▸ Release It! 2nd ed., Nygard ▸ Phillip Maddux's talk: youtu.be/k81xKjCEeqE ▸ Herb Todd's talk: youtu.be/Cf_XXmRLnRQ @wickett
MEASURE @wickett
EMPATHY BASED TEAMS @wickett
"those stupid developers" — Security @wickett
"you want a machine powered off and unplugged" — Developer @wickett
DON’T BE A BLOCKER BE AN ENABLER @wickett
MEASURE DEVSECOPS Maker Driven Experimenting Automating Safety Aware Unrestrained Sharing Ruggedizing Empathy First
SHARE YOUR STORY book@devsecops.org @wickett
wickett@verica.io

Recommended

A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
James Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
James Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
James Wickett
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
James Wickett
 
DevSecOps and the New Path Forward
DevSecOps and the New Path ForwardDevSecOps and the New Path Forward
DevSecOps and the New Path Forward
James Wickett
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
James Wickett
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
James Wickett
 

Recommended

A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
James Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
James Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
James Wickett
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
James Wickett
 
DevSecOps and the New Path Forward
DevSecOps and the New Path ForwardDevSecOps and the New Path Forward
DevSecOps and the New Path Forward
James Wickett
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
James Wickett
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
James Wickett
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
James Wickett
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
James Wickett
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
James Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
James Wickett
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Erkang Zheng
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
James Wickett
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
James Wickett
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
James Wickett
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
Uchit Vyas ☁
 
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConShifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Tom Stiehm
 
State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019
Stefan Streichsbier
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
Deborah Schalm
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
Kevin Fealey
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
Franklin Mosley
 
AllTheTalks Security Chaos Engineering
AllTheTalks Security Chaos Engineering AllTheTalks Security Chaos Engineering
AllTheTalks Security Chaos Engineering
Aaron Rinehart
 
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSecAppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
James Wickett
 
AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019 AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019
Aaron Rinehart
 
Top 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management TeamsTop 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management Teams
Deborah Schalm
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
NotSoSecure Global Services
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
James Wickett
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
VMware Tanzu
 

More Related Content

What's hot

A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
James Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
James Wickett
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
James Wickett
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
Uchit Vyas ☁
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
Deborah Schalm
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
Kevin Fealey
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
Franklin Mosley
 
AllTheTalks Security Chaos Engineering
AllTheTalks Security Chaos Engineering AllTheTalks Security Chaos Engineering
AllTheTalks Security Chaos Engineering
Aaron Rinehart
 

What's hot (20)

The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConShifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
 
State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
 
AllTheTalks Security Chaos Engineering
AllTheTalks Security Chaos Engineering AllTheTalks Security Chaos Engineering
AllTheTalks Security Chaos Engineering
 
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSecAppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
 
AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019 AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019
 
Top 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management TeamsTop 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management Teams
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
 

Similar to NewOps Days 2019: The New Ways of Chaos, Security, and DevOps

Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
James Wickett
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
VMware Tanzu
 
How to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityHow to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application Security
James Wickett
 
New Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application SecurityNew Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application Security
James Wickett
 
103 Understanding Technical Debt
103 Understanding Technical Debt103 Understanding Technical Debt
103 Understanding Technical Debt
ProductCamp Boston
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
James Wickett
 
Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?
eG Innovations
 
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
eG Innovations
 

Similar to NewOps Days 2019: The New Ways of Chaos, Security, and DevOps (20)

Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
 
How to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityHow to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application Security
 
Epistemological Problem of Application Security
Epistemological Problem of Application SecurityEpistemological Problem of Application Security
Epistemological Problem of Application Security
 
New Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application SecurityNew Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application Security
 
Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery World
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
 
Understanding Technical Debt: A Primer for Product Owners and Founders
Understanding Technical Debt: A Primer for Product Owners and FoundersUnderstanding Technical Debt: A Primer for Product Owners and Founders
Understanding Technical Debt: A Primer for Product Owners and Founders
 
103 Understanding Technical Debt
103 Understanding Technical Debt103 Understanding Technical Debt
103 Understanding Technical Debt
 
Data Driven Decisions in DevOps
Data Driven Decisions in DevOpsData Driven Decisions in DevOps
Data Driven Decisions in DevOps
 
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecInnotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
 
Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!
 
Going Cloud Native
Going Cloud NativeGoing Cloud Native
Going Cloud Native
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
 
A Deep Dive Into Comprehensive Citrix & VDI Monitoring with eG Enterprise
A Deep Dive Into Comprehensive Citrix & VDI Monitoring with eG EnterpriseA Deep Dive Into Comprehensive Citrix & VDI Monitoring with eG Enterprise
A Deep Dive Into Comprehensive Citrix & VDI Monitoring with eG Enterprise
 
JavaOne 2015: 14 Key Lessons, you should learn
JavaOne 2015: 14 Key Lessons, you should learnJavaOne 2015: 14 Key Lessons, you should learn
JavaOne 2015: 14 Key Lessons, you should learn
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?
 
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
 
Do You Trust Your DevSecOps Pipeline?
Do You Trust Your DevSecOps Pipeline?Do You Trust Your DevSecOps Pipeline?
Do You Trust Your DevSecOps Pipeline?
 

More from James Wickett

More from James Wickett (10)

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
 
DevSecOps in the Year 2018
DevSecOps in the Year 2018DevSecOps in the Year 2018
DevSecOps in the Year 2018
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless Application
 
Serverless Security at LASCON 2017
Serverless Security at LASCON 2017Serverless Security at LASCON 2017
Serverless Security at LASCON 2017
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
 

Recently uploaded

AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 

Recently uploaded (20)

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 

NewOps Days 2019: The New Ways of Chaos, Security, and DevOps