SlideShare a Scribd company logo

The Changing Landscape of Information Security

D
DevSecOpsSg

This document discusses trends in information security including the rise of DevSecOps, hybrid IT environments, and increased automation. It notes how security is becoming integrated earlier in the development process from design through deployment. Teams now recognize security as a shared responsibility and develop blueprints to provide clarity on security approaches.

Technology
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
The Changing Landscape of Information Security 1 Applications DevSecOps Hybrid IT Automation Viren Mantri All views expressed here are entirely mine, do not represent those of my current and past employers.
2 Backdrop • Criminals Profit • Espionage Intelligence • Warriors Disruption • Terrorists Ideology • The question is not whether but when? Cyber attacks
Current era
4 Rigidity à Agility
5 DevSecOps – on a lighter note No offence meant J
6 DevSecOps – on a serious note o Baking security in design o From BRD/FSD to weekly huddles and feature releases o Externalizing authentication and authorization o Using encryption and tokenization for data protection o Building resilience to vulnerabilities and exploits o Educating developers on security
7 DevOps ToolSet • Developer scan • Build scan • Infrastructure • Automation • Vulnerability reporting • Remediation workflow • Risk assessment • Security dashboard SCM Build Deploy Cloud OS Security Repo Package Release IaaS VM Scanning CI Provision Test PaaS App/Web VA Workflow Config Monitoring SaaS DB PenTest
8 Traceability is key
9 Hybrid IT • Growing acceptance • Initial euphoria over (in)security mellowed • Cloud providers challenging On-Prem • Need to support legacy while striving to be agile • Agility flexes rigidity, breaks down silos
10 Automation • The right level eliminates inefficiencies • Delivers economies of scale • Ensures repeatable processes
11 Matured teams • Recognize Information security is everyone’s business • Develop a blueprint providing clarity and rationale • Know why we are doing what we are doing
12 Questions vm@greyorbits.com

More Related Content

PDF
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon
 
PDF
Behavior-Based Defense in ICS
Dragos, Inc.
 
PDF
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
 
PDF
Securing the container DevOps pipeline by William Henry
DevSecCon
 
PPTX
TRISIS in Perspective
Dragos, Inc.
 
PPTX
Automating Open Source Security: A SANS Review of WhiteSource
WhiteSource
 
PPTX
The road goes ever on and on by Ciaran Conliffe
DevSecCon
 
PPTX
The Four Types of Threat Detection and Use Cases in Industrial Security
Dragos, Inc.
 
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon
 
Behavior-Based Defense in ICS
Dragos, Inc.
 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
 
Securing the container DevOps pipeline by William Henry
DevSecCon
 
TRISIS in Perspective
Dragos, Inc.
 
Automating Open Source Security: A SANS Review of WhiteSource
WhiteSource
 
The road goes ever on and on by Ciaran Conliffe
DevSecCon
 
The Four Types of Threat Detection and Use Cases in Industrial Security
Dragos, Inc.
 

What's hot (20)

PDF
Threat Modeling workshop by Robert Hurlbut
DevSecCon
 
PDF
Managing third party libraries
n|u - The Open Security Community
 
PDF
Trisis in Perspective: Implications for ICS Defenders
Dragos, Inc.
 
PPTX
The How and Why of Container Vulnerability Management
Tim Mackey
 
PDF
Security Starts at the Endpoint
Elasticsearch
 
PDF
Why does security matter for devops by Caroline Wong
DevSecCon
 
PPTX
Secure application deployment in Apache CloudStack
Tim Mackey
 
PDF
Dev week cloud world conf2021
Archana Joshi
 
PPTX
Security in the age of open source - Myths and misperceptions
Tim Mackey
 
PPTX
Security in the Age of Open Source
Black Duck by Synopsys
 
PPTX
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
WhiteSource
 
PPTX
The path of secure software by Katy Anton
DevSecCon
 
PPTX
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon
 
PPTX
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
 
PPTX
Secure application deployment in the age of continuous delivery
Tim Mackey
 
PDF
Renato Rodrigues - Security in the wild
DevSecCon
 
PDF
Outpost24 webinar - A day in the life of an information security professional
Outpost24
 
PDF
Myths and Misperceptions of Open Source Security
Black Duck by Synopsys
 
PDF
Vulnerability Management – Opportunities and Challenges!
Outpost24
 
PDF
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys
 
Threat Modeling workshop by Robert Hurlbut
DevSecCon
 
Managing third party libraries
n|u - The Open Security Community
 
Trisis in Perspective: Implications for ICS Defenders
Dragos, Inc.
 
The How and Why of Container Vulnerability Management
Tim Mackey
 
Security Starts at the Endpoint
Elasticsearch
 
Why does security matter for devops by Caroline Wong
DevSecCon
 
Secure application deployment in Apache CloudStack
Tim Mackey
 
Dev week cloud world conf2021
Archana Joshi
 
Security in the age of open source - Myths and misperceptions
Tim Mackey
 
Security in the Age of Open Source
Black Duck by Synopsys
 
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
WhiteSource
 
The path of secure software by Katy Anton
DevSecCon
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon
 
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
 
Secure application deployment in the age of continuous delivery
Tim Mackey
 
Renato Rodrigues - Security in the wild
DevSecCon
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24
 
Myths and Misperceptions of Open Source Security
Black Duck by Synopsys
 
Vulnerability Management – Opportunities and Challenges!
Outpost24
 
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys
 
Ad

Viewers also liked (20)

PPTX
Cyber Security Landscape: Changes, Threats and Challenges
Bloxx
 
PDF
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
PDF
DevSecOps in Baby Steps
Priyanka Aash
 
PDF
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
 
PDF
DevSecOps - The big picture
Stefan Streichsbier
 
PDF
Integrating DevOps and Security
Stijn Muylle
 
PPTX
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
PDF
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
PDF
PCI DSS Data Security Compliance Program Overview
- Mark - Fullbright
 
PPTX
Vendor Landscape: Security Information and Event Management
Info-Tech Research Group
 
PDF
IT Security landscape and the latest threats and trends
Sophos Benelux
 
PPTX
Vendor Landscape: Email Security Gateway
Info-Tech Research Group
 
PPTX
Cyber Security Lessons from the NSA
CipherCloud
 
PDF
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Knowledge Group
 
PDF
The Cyber Security Landscape: An OurCrowd Briefing for Investors
OurCrowd
 
PDF
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon
 
PDF
Dev seccon london 2016 intelliment security
DevSecCon
 
PPT
DevSecOps Singapore introduction
Stefan Streichsbier
 
PDF
RoboCop: Bringing Law and Order to CI/CD
Franklin Mosley
 
PPT
DevSecOps SG Introduction - August Meetup
DevSecOpsSg
 
Cyber Security Landscape: Changes, Threats and Challenges
Bloxx
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
DevSecOps in Baby Steps
Priyanka Aash
 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
 
DevSecOps - The big picture
Stefan Streichsbier
 
Integrating DevOps and Security
Stijn Muylle
 
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
PCI DSS Data Security Compliance Program Overview
- Mark - Fullbright
 
Vendor Landscape: Security Information and Event Management
Info-Tech Research Group
 
IT Security landscape and the latest threats and trends
Sophos Benelux
 
Vendor Landscape: Email Security Gateway
Info-Tech Research Group
 
Cyber Security Lessons from the NSA
CipherCloud
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Knowledge Group
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
OurCrowd
 
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon
 
Dev seccon london 2016 intelliment security
DevSecCon
 
DevSecOps Singapore introduction
Stefan Streichsbier
 
RoboCop: Bringing Law and Order to CI/CD
Franklin Mosley
 
DevSecOps SG Introduction - August Meetup
DevSecOpsSg
 
Ad

Similar to The Changing Landscape of Information Security (20)

PPTX
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
PDF
The What, Why, and How of DevSecOps
Cprime
 
PPTX
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
PDF
Deepfence.pdf
Vishwas N
 
PPTX
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24
 
PDF
The Principles of Secure Development - BSides Las Vegas 2009
Security Ninja
 
PDF
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
PPTX
DevSecOps : an Introduction
Prashanth B. P.
 
PPTX
Started In Security Now I'm Here
Christopher Grayson
 
PPTX
Defining DevSecOps
Uchit Vyas ☁
 
PDF
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
PPTX
Starting your Career in Information Security
Ahmed Sayed-
 
PDF
What Every Developer And Tester Should Know About Software Security
Anne Oikarinen
 
PPTX
The New Security Practitioner
Adrian Sanabria
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
PPTX
Moving Security to the Left
Javier Godinez
 
PDF
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
PDF
The Intersection of Security & DevOps
Alert Logic
 
PPTX
State of DevSecOps - DevSecOpsDays 2019
Stefan Streichsbier
 
PDF
The Intersection of Security & DevOps
Alert Logic
 
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
The What, Why, and How of DevSecOps
Cprime
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
Deepfence.pdf
Vishwas N
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24
 
The Principles of Secure Development - BSides Las Vegas 2009
Security Ninja
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
DevSecOps : an Introduction
Prashanth B. P.
 
Started In Security Now I'm Here
Christopher Grayson
 
Defining DevSecOps
Uchit Vyas ☁
 
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
Starting your Career in Information Security
Ahmed Sayed-
 
What Every Developer And Tester Should Know About Software Security
Anne Oikarinen
 
The New Security Practitioner
Adrian Sanabria
 
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
Moving Security to the Left
Javier Godinez
 
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
The Intersection of Security & DevOps
Alert Logic
 
State of DevSecOps - DevSecOpsDays 2019
Stefan Streichsbier
 
The Intersection of Security & DevOps
Alert Logic
 

Recently uploaded (20)

PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Encapsulation theory and applications.pdf
gurumoop
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 

The Changing Landscape of Information Security

  • 1. The Changing Landscape of Information Security 1 Applications DevSecOps Hybrid IT Automation Viren Mantri All views expressed here are entirely mine, do not represent those of my current and past employers.
  • 2. 2 Backdrop • Criminals Profit • Espionage Intelligence • Warriors Disruption • Terrorists Ideology • The question is not whether but when? Cyber attacks
  • 5. 5 DevSecOps – on a lighter note No offence meant J
  • 6. 6 DevSecOps – on a serious note o Baking security in design o From BRD/FSD to weekly huddles and feature releases o Externalizing authentication and authorization o Using encryption and tokenization for data protection o Building resilience to vulnerabilities and exploits o Educating developers on security
  • 7. 7 DevOps ToolSet • Developer scan • Build scan • Infrastructure • Automation • Vulnerability reporting • Remediation workflow • Risk assessment • Security dashboard SCM Build Deploy Cloud OS Security Repo Package Release IaaS VM Scanning CI Provision Test PaaS App/Web VA Workflow Config Monitoring SaaS DB PenTest
  • 9. 9 Hybrid IT • Growing acceptance • Initial euphoria over (in)security mellowed • Cloud providers challenging On-Prem • Need to support legacy while striving to be agile • Agility flexes rigidity, breaks down silos
  • 10. 10 Automation • The right level eliminates inefficiencies • Delivers economies of scale • Ensures repeatable processes
  • 11. 11 Matured teams • Recognize Information security is everyone’s business • Develop a blueprint providing clarity and rationale • Know why we are doing what we are doing