SlideShare a Scribd company logo

Ops Happen: Improve Security Without Getting in the Way

S
SeniorStoryteller

The document discusses how operations and security teams are under pressure to deploy code faster while maintaining reliability and security, and proposes a "shift left" approach to incident response where developers define procedures for fixing issues in their code and are responsible for responding to incidents involving that code. It describes a design pattern where organizations establish a secure operations portal, develop an SDLC for operations procedures, and connect with management systems to enable developers to more proactively address operations and security issues.

Technology
1 of 31
Downloaded 61 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Ops Happens: Improve Security Without Getting in the Way February 29, 2016 ● San Francisco Damon Edwards @damonedwards
Damon Edwards Operational Improvement DevOps Consulting Tools
Damon Edwards Operational Improvement DevOps Consulting Tools Community
The Shared Plight of Ops and Security OPS & SEC “Go faster!” “Open it up!” “Be more secure!” “Be more reliable!”
Deployment dominates the conversation 2013 Deployment. Deployment. Continuous Delivery. Deployment. Deployment. Continuous Deployment. Deployment. CI/CD. Deployment. Deployment. Deployment. PaaS. Deployment. IaaS. Deployment. Deployment. Infrastructure as Code. Deployment. Deployment. Deployment. Deployment. Containers. Containers. Deployment. Deployment. Deployment. Docker Deployment. Docker. CaaS. Deployment. Docker. Docker. Docker. Docker. Mesos. Deployment. Kubernetes. Deployment. Microservices. Deployment. Deployment. Docker. 2016
What this sounds like to enterprise Ops & Sec “What we always give you, but more of it… and a lot more frequently”
“What we always give you, but more of it… and a lot more frequently” What this sounds like to enterprise Ops & Sec
“Shift Left” to avoid disaster (a.k.a “DevOps 101”)
Writing / Running Automated Tests Writing / Exercising Deploy Automation Running Security Scanning Tools “Shift Left” to avoid disaster (a.k.a “DevOps 101”)
Writing / Running Automated Tests Writing / Exercising Deploy Automation Running Security Scanning Tools Deploy. Deploy. Deploy. “Shift Left” to avoid disaster (a.k.a “DevOps 101”)
But guess what... Sh*t happens
But guess what... Sh*t happens Operations
How do you “shift left” incident response?
How do you “shift left” incident response? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
How do you “shift left” incident response? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
How do you “shift left” incident response? But... Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
How do you “shift left” incident response? But... How do you safely and securely give out access? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
How do you “shift left” incident response? But... How do you safely and securely give out access? How do you enable the experts to contribute remediations? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
How do you “shift left” incident response? But... How do you safely and securely give out access? How do you enable the experts to contribute remediations? How do you give visibility into operations? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
How do you “shift left” incident response? But... How do you safely and securely give out access? How do you enable the experts to contribute remediations? How do you give visibility into operations? How do you do postmortems days/weeks/months later? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
Design pattern we’ve seen developing in the community...
Shift Left Step 1: Establish a Secure Ops Portal
Shift Left Step 2: Establish a SDLC for Ops Procedures
Shift Left Step 3: Connect with Enterprise Management Systems
Shift Left Step 4: Make Compliance Really Happy Who created the procedure? Who reviewed it? Who? When? Where? Approval trail?
Pay for it with ROI outside of Security Mark Maun Jody Mulkey Ticketmaster’s “Support at the Edge” model • Empowered support teams with self-service ops tasks • Automated Ops procedures written/vetted by the delivery teams • Expanded who could take action, but ops remained in full control of the policy
Pay for it with ROI outside of Security Mark Maun Jody Mulkey Ticketmaster’s “Support at the Edge” model • Empowered support teams with self-service ops tasks • Automated Ops procedures written/vetted by the delivery teams • Expanded who could take action, but ops remained in full control of the policy Sources: https://www.youtube.com/watch?v=_hr4KiB19bQ http://rundeck.org/stories/mark_maun.html • Removed multiple days of effort from throughout the lifecycle • Reduced escalations by 30% - 40% and overall support incident costs by 55% • Reduced mean time to repair (MTTR) by 50% - 150%
Want to talk more about “shift left” and operations? @alexhonor alex@simplifyops.com My colleague who thinks a lot about these solutions
A word from today’s organizers…
A word from today’s organizers…
A word from today’s organizers…

More Related Content

PDF
Silver Lining for Miles: DevOps for Building Security Solutions
SeniorStoryteller
 
PDF
What we learned from three years sciencing the crap out of devops
Nicole Forsgren
 
PPTX
The R.O.A.D to DevOps
SeniorStoryteller
 
PPTX
Amy DeMartine - 7 Habits of Rugged DevOps
SeniorStoryteller
 
PPTX
The Journey to DevSecOps
SeniorStoryteller
 
PDF
What We Learned from Three Years of Sciencing the Crap Out of DevOps
SeniorStoryteller
 
PPTX
Failure is inevitable but it isn't permanent
Tom Stiehm
 
PDF
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Tom Stiehm
 
Silver Lining for Miles: DevOps for Building Security Solutions
SeniorStoryteller
 
What we learned from three years sciencing the crap out of devops
Nicole Forsgren
 
The R.O.A.D to DevOps
SeniorStoryteller
 
Amy DeMartine - 7 Habits of Rugged DevOps
SeniorStoryteller
 
The Journey to DevSecOps
SeniorStoryteller
 
What We Learned from Three Years of Sciencing the Crap Out of DevOps
SeniorStoryteller
 
Failure is inevitable but it isn't permanent
Tom Stiehm
 
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Tom Stiehm
 

What's hot (17)

PPTX
Open Source Defense for Edge 2017
Adrian Sanabria
 
PDF
New Barriers of Transformation
DevOps Indonesia
 
PDF
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)
DJ Schleen
 
PDF
Continuous Delivery to Continuous Operations, DevOps & SRE = Continuous Culture
DevOps Indonesia
 
PDF
Using security to drive chaos engineering
Dinis Cruz
 
PPTX
451 AppSense Webinar - Why blame the user?
Adrian Sanabria
 
PDF
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
PDF
Shifting Security Left - The Innovation of DevSecOps - AgileDC
Tom Stiehm
 
PPTX
Security and DevOps Overview
Adrian Sanabria
 
PDF
DevOps not a Toolbox
DevOps Indonesia
 
PPTX
Colin Domoney -
DevSecCon
 
PDF
Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24
 
PDF
DevSecCon Singapore 2018 - Measuring and maximizing vuln discovery efforts by...
DevSecCon
 
PPTX
Shifting Security Left from the Lean+Agile 2019 Conference
Tom Stiehm
 
PPTX
State of DevSecOps - DevOpsDays Jakarta 2019
Stefan Streichsbier
 
PPTX
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Puppet
 
PPTX
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
SeniorStoryteller
 
Open Source Defense for Edge 2017
Adrian Sanabria
 
New Barriers of Transformation
DevOps Indonesia
 
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)
DJ Schleen
 
Continuous Delivery to Continuous Operations, DevOps & SRE = Continuous Culture
DevOps Indonesia
 
Using security to drive chaos engineering
Dinis Cruz
 
451 AppSense Webinar - Why blame the user?
Adrian Sanabria
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
Shifting Security Left - The Innovation of DevSecOps - AgileDC
Tom Stiehm
 
Security and DevOps Overview
Adrian Sanabria
 
DevOps not a Toolbox
DevOps Indonesia
 
Colin Domoney -
DevSecCon
 
Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24
 
DevSecCon Singapore 2018 - Measuring and maximizing vuln discovery efforts by...
DevSecCon
 
Shifting Security Left from the Lean+Agile 2019 Conference
Tom Stiehm
 
State of DevSecOps - DevOpsDays Jakarta 2019
Stefan Streichsbier
 
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Puppet
 
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
SeniorStoryteller
 
Ad

Viewers also liked (13)

PDF
世界のコーフボール紹介
korfballjp
 
PPTX
Ethnography and product design by Prof William Beeman at ProductCamp Twin Cit...
ProductCamp Twin Cities
 
PPTX
Tips de belleza
Lisseth Gutierrez
 
PDF
100 ιδι τικο συμφ νητικο υπεκμισθ σησ
ATHANASIOS KAVVADAS
 
PDF
Speciale mobilità-elettrica-urbana qualenergia-nov2013
Carlo Iacovini
 
PPTX
Peru Status Report
Indigenous Health Adaptation to Climate Change
 
PPTX
Determinantes y pronombres
guadams
 
PDF
Kaixin's UROP_symposium_poster
Kaixin Chen
 
PDF
Paths to Fisheries Subsidies Reform: Creating sustainable fisheries through t...
The Rockefeller Foundation
 
PPTX
AMIZONER Status Report - March 2014
Neil Mathew
 
PPTX
Pitch to win Sales and Investment
Andrew Keogh
 
PPTX
Jhon quiroga mi historia inspiradora 1
RedvolucionCesarNorte
 
PPS
Paseando Por Asturias 23 10 08
Bieleder
 
世界のコーフボール紹介
korfballjp
 
Ethnography and product design by Prof William Beeman at ProductCamp Twin Cit...
ProductCamp Twin Cities
 
Tips de belleza
Lisseth Gutierrez
 
100 ιδι τικο συμφ νητικο υπεκμισθ σησ
ATHANASIOS KAVVADAS
 
Speciale mobilità-elettrica-urbana qualenergia-nov2013
Carlo Iacovini
 
Peru Status Report
Indigenous Health Adaptation to Climate Change
 
Determinantes y pronombres
guadams
 
Kaixin's UROP_symposium_poster
Kaixin Chen
 
Paths to Fisheries Subsidies Reform: Creating sustainable fisheries through t...
The Rockefeller Foundation
 
AMIZONER Status Report - March 2014
Neil Mathew
 
Pitch to win Sales and Investment
Andrew Keogh
 
Jhon quiroga mi historia inspiradora 1
RedvolucionCesarNorte
 
Paseando Por Asturias 23 10 08
Bieleder
 
Ad

Similar to Ops Happen: Improve Security Without Getting in the Way (20)

PDF
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux
 
PDF
Helping Ops Help You: Development’s Role in Enabling Self-Service Operations
Rundeck
 
PDF
Ops Happens: DevOps Beyond Deployment - Damon Edwards
SeniorStoryteller
 
PDF
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux
 
DOCX
Shift Left Save Resources DevSecOps and the CICD Pipeline
CloudZenix LLC
 
PDF
Operations as a Service: Because Failure Still Happens
Rundeck
 
PDF
Shift Left Security
gjdevos
 
PDF
Shift Left Security
gjdevos
 
PDF
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
NathanDjami
 
PDF
DevSecOps at Agile 2019
Elizabeth Ayer
 
PDF
Keeping Your DevOps Transformation From Crushing Your Ops Capacity
Rundeck
 
PDF
Deepfence.pdf
Vishwas N
 
PPTX
Shifting security all day dev ops
Tom Stiehm
 
PDF
Shift Left Security – Guidance on embedding security for a Digital Transforma...
Yazad Khandhadia
 
PPTX
Learning from Learnings: Anatomy of Three Incidents
Randy Shoup
 
PPTX
The Journey to DevSecOps
Shannon Lietz
 
PDF
SRE Organizational Framework
Olaf Reitmaier Veracierta
 
PDF
Rick Clymer - Incident Management.pdf
QA or the Highway
 
PPTX
Mapping Networks for Day 3 Management
Inflectiontech Ltd
 
PPTX
Proactive Approach to OT incident response - HOUSECCON 2023
Chris Sistrunk
 
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux
 
Helping Ops Help You: Development’s Role in Enabling Self-Service Operations
Rundeck
 
Ops Happens: DevOps Beyond Deployment - Damon Edwards
SeniorStoryteller
 
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux
 
Shift Left Save Resources DevSecOps and the CICD Pipeline
CloudZenix LLC
 
Operations as a Service: Because Failure Still Happens
Rundeck
 
Shift Left Security
gjdevos
 
Shift Left Security
gjdevos
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
NathanDjami
 
DevSecOps at Agile 2019
Elizabeth Ayer
 
Keeping Your DevOps Transformation From Crushing Your Ops Capacity
Rundeck
 
Deepfence.pdf
Vishwas N
 
Shifting security all day dev ops
Tom Stiehm
 
Shift Left Security – Guidance on embedding security for a Digital Transforma...
Yazad Khandhadia
 
Learning from Learnings: Anatomy of Three Incidents
Randy Shoup
 
The Journey to DevSecOps
Shannon Lietz
 
SRE Organizational Framework
Olaf Reitmaier Veracierta
 
Rick Clymer - Incident Management.pdf
QA or the Highway
 
Mapping Networks for Day 3 Management
Inflectiontech Ltd
 
Proactive Approach to OT incident response - HOUSECCON 2023
Chris Sistrunk
 

More from SeniorStoryteller (20)

PPTX
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
SeniorStoryteller
 
PPTX
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
SeniorStoryteller
 
PDF
Implementing DevOps in a Regulated Environment - DJ Schleen
SeniorStoryteller
 
PPTX
Making Security Agile - Oleg Gryb
SeniorStoryteller
 
PDF
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
SeniorStoryteller
 
PDF
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
SeniorStoryteller
 
PDF
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
SeniorStoryteller
 
PDF
Building Security In - A Tale of Two Stories - Laksh Raghavan
SeniorStoryteller
 
PDF
Breaking Bad Equilibruim - John Willis
SeniorStoryteller
 
PDF
DevSecOps - Building Rugged Software
SeniorStoryteller
 
PPTX
NuGet Package Management Done Right
SeniorStoryteller
 
PPTX
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
SeniorStoryteller
 
PPTX
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller
 
PPTX
Safely Removing the Last Roadblock to Continuous Delivery
SeniorStoryteller
 
PPTX
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
SeniorStoryteller
 
PDF
Heroes’ Journey: Learning from Successful DevOps Transformations
SeniorStoryteller
 
PPTX
Rugged DevOps: Aligning Your Team and Your Powers for Success
SeniorStoryteller
 
PPTX
Create Rugged Applications: Managing Your Software Supply Chain
SeniorStoryteller
 
PPTX
Aligning Your Team and Your Powers for Success
SeniorStoryteller
 
PPTX
Leveraging Nexus Repository Manager at the Heart of DevOps
SeniorStoryteller
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
SeniorStoryteller
 
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
SeniorStoryteller
 
Implementing DevOps in a Regulated Environment - DJ Schleen
SeniorStoryteller
 
Making Security Agile - Oleg Gryb
SeniorStoryteller
 
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
SeniorStoryteller
 
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
SeniorStoryteller
 
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
SeniorStoryteller
 
Building Security In - A Tale of Two Stories - Laksh Raghavan
SeniorStoryteller
 
Breaking Bad Equilibruim - John Willis
SeniorStoryteller
 
DevSecOps - Building Rugged Software
SeniorStoryteller
 
NuGet Package Management Done Right
SeniorStoryteller
 
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
SeniorStoryteller
 
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller
 
Safely Removing the Last Roadblock to Continuous Delivery
SeniorStoryteller
 
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
SeniorStoryteller
 
Heroes’ Journey: Learning from Successful DevOps Transformations
SeniorStoryteller
 
Rugged DevOps: Aligning Your Team and Your Powers for Success
SeniorStoryteller
 
Create Rugged Applications: Managing Your Software Supply Chain
SeniorStoryteller
 
Aligning Your Team and Your Powers for Success
SeniorStoryteller
 
Leveraging Nexus Repository Manager at the Heart of DevOps
SeniorStoryteller
 

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
A Presentation on Artificial Intelligence
memembruh336
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Teaching material agriculture food technology
LiaRayya
 
Approach and Philosophy of On baking technology
30anthuong17
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Encapsulation theory and applications.pdf
gurumoop
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 

Ops Happen: Improve Security Without Getting in the Way

  • 1. Ops Happens: Improve Security Without Getting in the Way February 29, 2016 ● San Francisco Damon Edwards @damonedwards
  • 4. The Shared Plight of Ops and Security OPS & SEC “Go faster!” “Open it up!” “Be more secure!” “Be more reliable!”
  • 5. Deployment dominates the conversation 2013 Deployment. Deployment. Continuous Delivery. Deployment. Deployment. Continuous Deployment. Deployment. CI/CD. Deployment. Deployment. Deployment. PaaS. Deployment. IaaS. Deployment. Deployment. Infrastructure as Code. Deployment. Deployment. Deployment. Deployment. Containers. Containers. Deployment. Deployment. Deployment. Docker Deployment. Docker. CaaS. Deployment. Docker. Docker. Docker. Docker. Mesos. Deployment. Kubernetes. Deployment. Microservices. Deployment. Deployment. Docker. 2016
  • 6. What this sounds like to enterprise Ops & Sec “What we always give you, but more of it… and a lot more frequently”
  • 7. “What we always give you, but more of it… and a lot more frequently” What this sounds like to enterprise Ops & Sec
  • 8. “Shift Left” to avoid disaster (a.k.a “DevOps 101”)
  • 9. Writing / Running Automated Tests Writing / Exercising Deploy Automation Running Security Scanning Tools “Shift Left” to avoid disaster (a.k.a “DevOps 101”)
  • 10. Writing / Running Automated Tests Writing / Exercising Deploy Automation Running Security Scanning Tools Deploy. Deploy. Deploy. “Shift Left” to avoid disaster (a.k.a “DevOps 101”)
  • 12. But guess what... Sh*t happens Operations
  • 13. How do you “shift left” incident response?
  • 14. How do you “shift left” incident response? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
  • 15. How do you “shift left” incident response? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
  • 16. How do you “shift left” incident response? But... Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
  • 17. How do you “shift left” incident response? But... How do you safely and securely give out access? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
  • 18. How do you “shift left” incident response? But... How do you safely and securely give out access? How do you enable the experts to contribute remediations? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
  • 19. How do you “shift left” incident response? But... How do you safely and securely give out access? How do you enable the experts to contribute remediations? How do you give visibility into operations? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
  • 20. How do you “shift left” incident response? But... How do you safely and securely give out access? How do you enable the experts to contribute remediations? How do you give visibility into operations? How do you do postmortems days/weeks/months later? Those who build something define the procedures to fix it Those who build something fix it when it breaks 1 2
  • 21. Design pattern we’ve seen developing in the community...
  • 22. Shift Left Step 1: Establish a Secure Ops Portal
  • 23. Shift Left Step 2: Establish a SDLC for Ops Procedures
  • 24. Shift Left Step 3: Connect with Enterprise Management Systems
  • 25. Shift Left Step 4: Make Compliance Really Happy Who created the procedure? Who reviewed it? Who? When? Where? Approval trail?
  • 26. Pay for it with ROI outside of Security Mark Maun Jody Mulkey Ticketmaster’s “Support at the Edge” model • Empowered support teams with self-service ops tasks • Automated Ops procedures written/vetted by the delivery teams • Expanded who could take action, but ops remained in full control of the policy
  • 27. Pay for it with ROI outside of Security Mark Maun Jody Mulkey Ticketmaster’s “Support at the Edge” model • Empowered support teams with self-service ops tasks • Automated Ops procedures written/vetted by the delivery teams • Expanded who could take action, but ops remained in full control of the policy Sources: https://www.youtube.com/watch?v=_hr4KiB19bQ http://rundeck.org/stories/mark_maun.html • Removed multiple days of effort from throughout the lifecycle • Reduced escalations by 30% - 40% and overall support incident costs by 55% • Reduced mean time to repair (MTTR) by 50% - 150%
  • 28. Want to talk more about “shift left” and operations? @alexhonor alex@simplifyops.com My colleague who thinks a lot about these solutions
  • 29. A word from today’s organizers…
  • 30. A word from today’s organizers…
  • 31. A word from today’s organizers…