SlideShare a Scribd company logo

DevSecOps The Evolution of DevOps

M
Michael Man

The presentation on DevSecOps emphasizes the collaboration between various roles in software development to integrate security throughout the development process. It discusses the evolution of DevOps, the importance of adopting security best practices, and the challenges faced by large, regulated organizations in implementing DevSecOps. The future of DevSecOps is portrayed as essential, with benefits including cost reduction, faster delivery, and a culture of shared responsibility for security.

Technology
1 of 18
Downloaded 63 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
DevSecOps The Evolution of DevOps Or how I learned to start worrying and love security @jamesbetteley
Who is this guy? @jamesbetteley
What I’m going to talk about What I mean by DevSecOps and how we messed up DevOps What’ll inevitably happen next How we can influence the future of DevSecOps Who’s going to need DevSecOps? How we’re doing it right now The challenges we face
How we messed up DevOps
DevSecOps means... “Developers, testers, security architects, infrastructure, DBAs and many others collaborating to design, build, validate, deploy, operate and maintain software in a rapid, reliable, repeatable and secure fashion”
DevSecOps doesn’t mean... Compliance as code Security testing in your CD pipeline
Where is DevSecOps right now...
What’ll happen next... DevSecOps tooling DevSecOps engineers DevSecOps as a service DevSecOps frameworks DevSecOps Handbook
The future of DevSecOps “Our number one objective should be to educate the software delivery community on the importance of Security, and to help them adopt best practices for ensuring Security is baked into our applications and processes”
DevSecOps isn’t necessary, it’s inevitable!
How we’re doing DevSecOps Contino’s approach to applying DevSecOps in large, regulated enterprises.
We look at... ➔ People changes ◆ Upskilling ◆ Communities of practice ◆ Leadership & Coaching ◆ Cross-functional delivery teams with security SMEs embedded ➔ Process changes ◆ Security & Operability as first-class-citizens ◆ Security & Operability stories on backlog ◆ Security testing in dev domain ➔ Technology changes ◆ Security testing in CD pipeline ◆ IAST ◆ SAST & DAST ◆ Dependency scanning
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
Building DevSecOps teams
Who needs DevSecOps
Challenges... Large, regulated organisations NEED DevSecOps This doesn’t mean they’re READY for DevSecOps Org structures make DevSecOps very hard to achieve Existing cultures and empires hard to break down It’s as hard as selling Agile and DevOps
On selling DevSecOps... ● Cost reduction is achieved by detecting and fixing security issues during the development phases. ● Speed of delivery is increased as security bottlenecks are minimised or eliminated. ● Speed of recovery is enhanced ● Enhanced monitoring and auditing leads to improved threat hunting ● Immutable infrastructure reduces attack vectors ● Immutable infrastructure improves overall security by reducing vulnerabilities, and increasing code coverage and automation. ● Ensures the ‘secure by design’ principle by using automated security review of code ● Creates targeted customer value through secure iterative innovation at speed and scale. ● Security is federated and becomes the responsibility of everyone, not just a specialised team, or even individual. ● DevSecOps fosters a culture of openness and transparency from the earliest stages of development. ● Increased sales as it is much easier to sell a demonstrably secure product.

More Related Content

PDF
2019 DevSecOps Reference Architectures
Sonatype
 
PDF
DevSecOps Implementation Journey
DevOps Indonesia
 
PDF
DevSecOps What Why and How
NotSoSecure Global Services
 
PDF
Introduction to DevSecOps
Setu Parimi
 
PDF
DevSecOps
Tomas Honzak
 
PDF
The State of DevSecOps
DevOps Indonesia
 
PPTX
ABN AMRO DevSecOps Journey
Derek E. Weeks
 
PDF
DevOps - A Gentle Introduction
CodeOps Technologies LLP
 
2019 DevSecOps Reference Architectures
Sonatype
 
DevSecOps Implementation Journey
DevOps Indonesia
 
DevSecOps What Why and How
NotSoSecure Global Services
 
Introduction to DevSecOps
Setu Parimi
 
DevSecOps
Tomas Honzak
 
The State of DevSecOps
DevOps Indonesia
 
ABN AMRO DevSecOps Journey
Derek E. Weeks
 
DevOps - A Gentle Introduction
CodeOps Technologies LLP
 

What's hot (20)

PDF
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
PPTX
DevSecOps reference architectures 2018
Sonatype
 
PPTX
Devops online training ppt
KhalidQureshi31
 
PDF
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
PPTX
About DevOps in simple steps
Ihor Odynets
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
PDF
Security Process in DevSecOps
Opsta
 
PPTX
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPTX
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
PDF
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
PPTX
Introduction to DevSecOps
abhimanyubhogwan
 
PPTX
How to Get Started with DevSecOps
CYBRIC
 
PDF
Practical DevSecOps - Arief Karfianto
idsecconf
 
PDF
DevSecOps 101
Narudom Roongsiriwong, CISSP
 
PPTX
DevSecOps
Joel Divekar
 
PDF
DevOps
Hakan Yüksel
 
PPTX
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
Simplilearn
 
PPTX
DevOps introduction
Mettje Heegstra
 
PDF
The What, Why, and How of DevSecOps
Cprime
 
PDF
Demystifying DevSecOps
Archana Joshi
 
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
DevSecOps reference architectures 2018
Sonatype
 
Devops online training ppt
KhalidQureshi31
 
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
About DevOps in simple steps
Ihor Odynets
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
Security Process in DevSecOps
Opsta
 
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
Introduction to DevSecOps
abhimanyubhogwan
 
How to Get Started with DevSecOps
CYBRIC
 
Practical DevSecOps - Arief Karfianto
idsecconf
 
DevSecOps 101
Narudom Roongsiriwong, CISSP
 
DevSecOps
Joel Divekar
 
DevOps
Hakan Yüksel
 
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
Simplilearn
 
DevOps introduction
Mettje Heegstra
 
The What, Why, and How of DevSecOps
Cprime
 
Demystifying DevSecOps
Archana Joshi
 
Ad

Similar to DevSecOps The Evolution of DevOps (20)

PDF
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
mohitd6
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
PPTX
Dev secops indonesia-devsecops as a service-Amien Harisen
Nadira Bajrei
 
PDF
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
PDF
Understanding DevOps Security - Full Guide
Lency Korien
 
PDF
understanding devops security - DevSecOps
Anshulkichara3
 
PDF
Why DevSecOps Is Necessary For Your SDLC Pipeline?
Enov8
 
PDF
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Mobibiz India
 
PDF
DevSecOps Implement Making Security Central to Your DevOps Pipeline
Enov8
 
PPTX
DevOps vs. DevSecOps Understanding the Differences.pptx
Dev Software
 
PPTX
DevOps vs. DevSecOps: Understanding the Differences
Dev Software
 
PDF
From DevOps to DevSecOps: Evolution of Secure Software Development
ScalaCode
 
PDF
Scale security for a dollar or less
Mohammed A. Imran
 
PPTX
DevSecOps: Security With DevOps
Knoldus Inc.
 
PPTX
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
Bryan Len
 
PDF
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
PDF
DevOps vs DevSecOps_ What CTOs Must Know Before Scaling Securely.pdf
Devseccops.ai
 
PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
your techdigest
 
PPTX
DevOps to DevSecOps Journey..
Siddharth Joshi
 
PPTX
DevSecOps: The Future of Secure Software Development
Dev Software
 
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
mohitd6
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
Dev secops indonesia-devsecops as a service-Amien Harisen
Nadira Bajrei
 
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
Understanding DevOps Security - Full Guide
Lency Korien
 
understanding devops security - DevSecOps
Anshulkichara3
 
Why DevSecOps Is Necessary For Your SDLC Pipeline?
Enov8
 
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Mobibiz India
 
DevSecOps Implement Making Security Central to Your DevOps Pipeline
Enov8
 
DevOps vs. DevSecOps Understanding the Differences.pptx
Dev Software
 
DevOps vs. DevSecOps: Understanding the Differences
Dev Software
 
From DevOps to DevSecOps: Evolution of Secure Software Development
ScalaCode
 
Scale security for a dollar or less
Mohammed A. Imran
 
DevSecOps: Security With DevOps
Knoldus Inc.
 
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
Bryan Len
 
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
DevOps vs DevSecOps_ What CTOs Must Know Before Scaling Securely.pdf
Devseccops.ai
 
The Rise of DevSecOps in CI_CD Workflows.pdf
your techdigest
 
DevOps to DevSecOps Journey..
Siddharth Joshi
 
DevSecOps: The Future of Secure Software Development
Dev Software
 
Ad

More from Michael Man (20)

PPTX
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
PDF
K8S Certifications - Exam Cram
Michael Man
 
PDF
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
PDF
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
PPTX
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
PPTX
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
PPTX
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 
PPTX
DevSecOps Manchester - May 2019
Michael Man
 
PDF
Chris Rutter: Avoiding The Security Brick
Michael Man
 
PPTX
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
PDF
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
PDF
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
PDF
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
PDF
August 2018: DevSecOps - London Gathering
Michael Man
 
PPTX
DevSecOps - London Gathering : June 2018
Michael Man
 
PDF
Continuous Security: From tins to containers - now what!
Michael Man
 
PDF
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
PDF
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
PPTX
DevSecOps March 2018 - Extract
Michael Man
 
PDF
Dynaminet -DevSecOps
Michael Man
 
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
K8S Certifications - Exam Cram
Michael Man
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 
DevSecOps Manchester - May 2019
Michael Man
 
Chris Rutter: Avoiding The Security Brick
Michael Man
 
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
August 2018: DevSecOps - London Gathering
Michael Man
 
DevSecOps - London Gathering : June 2018
Michael Man
 
Continuous Security: From tins to containers - now what!
Michael Man
 
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
DevSecOps March 2018 - Extract
Michael Man
 
Dynaminet -DevSecOps
Michael Man
 

Recently uploaded (20)

PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Encapsulation theory and applications.pdf
gurumoop
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Approach and Philosophy of On baking technology
30anthuong17
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
KodekX | Application Modernization Development
KodekX
 
Cloud computing and distributed systems.
kkkkkhan
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 

DevSecOps The Evolution of DevOps

  • 1. DevSecOps The Evolution of DevOps Or how I learned to start worrying and love security @jamesbetteley
  • 2. Who is this guy? @jamesbetteley
  • 3. What I’m going to talk about What I mean by DevSecOps and how we messed up DevOps What’ll inevitably happen next How we can influence the future of DevSecOps Who’s going to need DevSecOps? How we’re doing it right now The challenges we face
  • 5. DevSecOps means... “Developers, testers, security architects, infrastructure, DBAs and many others collaborating to design, build, validate, deploy, operate and maintain software in a rapid, reliable, repeatable and secure fashion”
  • 6. DevSecOps doesn’t mean... Compliance as code Security testing in your CD pipeline
  • 8. What’ll happen next... DevSecOps tooling DevSecOps engineers DevSecOps as a service DevSecOps frameworks DevSecOps Handbook
  • 9. The future of DevSecOps “Our number one objective should be to educate the software delivery community on the importance of Security, and to help them adopt best practices for ensuring Security is baked into our applications and processes”
  • 10. DevSecOps isn’t necessary, it’s inevitable!
  • 11. How we’re doing DevSecOps Contino’s approach to applying DevSecOps in large, regulated enterprises.
  • 12. We look at... ➔ People changes ◆ Upskilling ◆ Communities of practice ◆ Leadership & Coaching ◆ Cross-functional delivery teams with security SMEs embedded ➔ Process changes ◆ Security & Operability as first-class-citizens ◆ Security & Operability stories on backlog ◆ Security testing in dev domain ➔ Technology changes ◆ Security testing in CD pipeline ◆ IAST ◆ SAST & DAST ◆ Dependency scanning
  • 17. Challenges... Large, regulated organisations NEED DevSecOps This doesn’t mean they’re READY for DevSecOps Org structures make DevSecOps very hard to achieve Existing cultures and empires hard to break down It’s as hard as selling Agile and DevOps
  • 18. On selling DevSecOps... ● Cost reduction is achieved by detecting and fixing security issues during the development phases. ● Speed of delivery is increased as security bottlenecks are minimised or eliminated. ● Speed of recovery is enhanced ● Enhanced monitoring and auditing leads to improved threat hunting ● Immutable infrastructure reduces attack vectors ● Immutable infrastructure improves overall security by reducing vulnerabilities, and increasing code coverage and automation. ● Ensures the ‘secure by design’ principle by using automated security review of code ● Creates targeted customer value through secure iterative innovation at speed and scale. ● Security is federated and becomes the responsibility of everyone, not just a specialised team, or even individual. ● DevSecOps fosters a culture of openness and transparency from the earliest stages of development. ● Increased sales as it is much easier to sell a demonstrably secure product.