Abstract image of a woman sitting on books and studying on a laptop

The Journey to DevSecOps

Download as PPTX, PDF
Shannon Lietz, profile picture
Shannon Lietz

This document summarizes Shannon Lietz's presentation on the journey to DevSecOps. Some key points include: - DevOps practices started gaining popularity around 2010 due to influential articles and talks. - Security decisions are now often made by DevOps teams on a daily basis rather than security teams. - Compliance alone is not enough for security - there must be continuous improvement through testing, detection, and measurement of progress. - A blameless culture is important for high performance, as mistakes will happen but can be addressed quickly through collaboration.

Technology
1 of 23
Downloaded 17 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Shannon Lietz The Journey to DevSecOps^ @devsecops
Always an Early Adopter Google Trends • DevOps.com was bought in 2004 • Google searches for “DevOps” started to rise in 2010 • Major influences: – Saving your Infrastructure from DevOps / Chicago Tribune – DevOps: A Culture Shift, Not a Technology / Information Week – DevOps: A Sharder’s Tale from Etsy – DevOps.com articles • RuggedSoftware.org was bought in 2010 https://www.google.com/trends/
Chasing Innovation…
Which means, spending most of your career doing this… Bang Head Here
This is the End of Security as We Know It… Say what?!??! 6+ years later, it’s hard to believe we’re still shocked by this quote! This talk will provide you with a path forward… And a survival kit... -Josh Corman
An Ugly Little Secret • DevOps teams make security decisions… several times, everyday! • Hackers find security issues and exploit them... several times, everday! • Security teams hardly ever make security decisions... and really only when risks need to be officially authorized! https://www.flickr.com/photos/denise_rowlands
In a Deming World… • Most decisions are made within the software supply chain by engineering teams • Security decisions are usually made as a result of attempting to balance design constraints • Gating processes are not Deming-like; but it is hard to avoid business catastrophes by applying measure ahead strategies for security • Most security defects are identified during a major event triggering the equivalent of a security “recall” design build deploy operate How do I secure my app? What component is secure enough? How do I secure secrets for the app? Is my app getting attacked? How? Typical gates for security checks & balances Mistakes and drift often happen after design and build phases Most costly mistakes Happen during design Missing and much-needed feedback loop
Hackers have lots of opportunities… People • Susceptible to phishing and email scams • Can be social engineered Process • Humans make mistakes, because they are human (6 Sigma) • Process gaps provide room for fraud Technology • Software complexity increases with reusable components • Technology providers have to do their part, or everyone fails!
Get Grounded in Reality • Secure business is the new black! KTLO! • Everyone must be responsible for security! • Perfection is over-rated… Mistakes are inevitable. • Reacting can be costly… build security in. • Compliance is important but it’s not security! • A blaming culture is dangerous, avoid it! • Continuously test, detect, measure and incrementally improve.
Keep The Lights On! • Keeping the Lights on includes Security… • 66% of companies adopting DevOps • DevOps teams need guardrails and guidelines to move fast • Security decisions that haven’t been made before likely require escalation https://www.flickr.com/photos/darwinbell http://www.rightscale.com/blog/cloud-industry-insights/cloud- computing-trends-2015-state-cloud-survey
Enlist Everyone! • Common ratio for Dev, Ops and Sec => 100, 10, 1 • Numbers matter against attackers! • Skills help, but anyone can identify an anomaly. • Everyone needs to help with security; everyone has a role to play. And this is hard to find...
Mistakes happen… • DevOps utilize customer-driven development processes with incremental changes…Mistakes just happen. • But because of frequent changes, teams have more opportunities to correct defects, on average 30x more • Teams need help deciphering how to self-correct https://www.flickr.com/photos/doobybrain
Protection is ideal; Detection is a must! • The faster a defect is discovered, the faster it can be dealt with. • DevOps has 50% faster MTTR • Transforming security events into incidents and problems helps with resolution rates https://www.flickr.com/photos/daoro
Compliance Programs won’t stop a breach • Point in time assessments don’t go far enough • 0 companies (in 10 years) have been found compliant after a breach • Compliance needs to be paired with rugged security http://www.slideshare.net/VerizonEnterpriseSolutions/webinar-new- insights-to-simplify-pci-compliance-and-manage-risk
High Performing is where it’s at! • High performing teams that focus on a blameless culture improve on average 50% better • Blaming cultures create less engagement, 30% less efficient • MTTR is 5x faster in blameless teams that focus on opportunities first #1
Continuous Improvement • Continuous improvement has been a goal for an endless amount of years • Teams that focus on testing, early detection, and measuring progress have 30% fewer defects in production • Tests are often added to continuous delivery to achieve better results throughout the continuous delivery pipeline https://www.flickr.com/photos/deniscollette
Great! What does this look like in practice for a security professional? Leaning in over Always Saying “No” Data & Security Science over Fear, Uncertainty and Doubt Open Contribution & Collaboration over Security-Only Requirements Consumable Security Services with APIs over Mandated Security Controls & Paperwork Business Driven Security Scores over Rubber Stamp Security Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident Shared Threat Intelligence over Keeping Info to Ourselves Compliance Operations over Clipboards & Checklists
Use Security Skills to Build Tools
Migrate to Security as Code
Get Involved and Join the Community • devsecops.org • @devsecops on Twitter • DevSecOps on LinkedIn • DevSecOps on Github • RuggedSoftware.org • Compliance at Velocity • Join Us !!! • Spread the word!!!
#RuggedDevOps If you see something cool…
Thank You to Our Sponsors
Get today’s Rugged DevOps presentations in your inbox mmiller@sonatype.com

More Related Content

PPTX
ISACA Ireland Keynote 2015
Shannon Lietz
 
PPTX
Finding Security a Home in a DevOps World
Shannon Lietz
 
PPTX
Security as Code owasp
Shannon Lietz
 
PPTX
S360 2015 dev_secops_program
Shannon Lietz
 
PPTX
DevSecCon KeyNote London 2015
Shannon Lietz
 
PPTX
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
Shannon Lietz
 
PPTX
Cloud Security Essentials 2.0 at RSA
Shannon Lietz
 
PPTX
Security and DevOps Overview
Adrian Sanabria
 
ISACA Ireland Keynote 2015
Shannon Lietz
 
Finding Security a Home in a DevOps World
Shannon Lietz
 
Security as Code owasp
Shannon Lietz
 
S360 2015 dev_secops_program
Shannon Lietz
 
DevSecCon KeyNote London 2015
Shannon Lietz
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
Shannon Lietz
 
Cloud Security Essentials 2.0 at RSA
Shannon Lietz
 
Security and DevOps Overview
Adrian Sanabria
 

What's hot (15)

PDF
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
PPTX
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon
 
PDF
Take Control: Design a Complete DevSecOps Program
Deborah Schalm
 
PPTX
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
SeniorStoryteller
 
PDF
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)
DJ Schleen
 
PPTX
The Teams Behind DevSecOps
Uleska
 
PDF
DevSecOps - The big picture
DevSecOpsSg
 
PPTX
Overcoming Security Challenges in DevOps
Alert Logic
 
PDF
DevOps and DevSecOps, Incident Management
ShriniKulkarni
 
PDF
2019 DevSecOps Reference Architectures
Sonatype
 
PDF
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
PPTX
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller
 
PPTX
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
SeniorStoryteller
 
PPTX
451 AppSense Webinar - Why blame the user?
Adrian Sanabria
 
PDF
DevSecOps: Minimizing Risk, Improving Security
Franklin Mosley
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon
 
Take Control: Design a Complete DevSecOps Program
Deborah Schalm
 
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
SeniorStoryteller
 
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)
DJ Schleen
 
The Teams Behind DevSecOps
Uleska
 
DevSecOps - The big picture
DevSecOpsSg
 
Overcoming Security Challenges in DevOps
Alert Logic
 
DevOps and DevSecOps, Incident Management
ShriniKulkarni
 
2019 DevSecOps Reference Architectures
Sonatype
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
 
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
SeniorStoryteller
 
451 AppSense Webinar - Why blame the user?
Adrian Sanabria
 
DevSecOps: Minimizing Risk, Improving Security
Franklin Mosley
 
Ad

Viewers also liked (17)

PPTX
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
PPTX
DevSecCon Keynote
Shannon Lietz
 
PDF
Gartner Top 10 Strategic Technology Trends 2016
Deepak Kamboj
 
PPT
DevSecOps Singapore introduction
Stefan Streichsbier
 
PDF
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon
 
PPT
DevSecOps SG Introduction - August Meetup
DevSecOpsSg
 
PDF
Dev seccon london 2016 intelliment security
DevSecCon
 
PDF
RoboCop: Bringing Law and Order to CI/CD
Franklin Mosley
 
PDF
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 
PDF
Vulnerability Advisor Deep Dive (Dec 2016)
Canturk Isci
 
PPTX
Safely Removing the Last Roadblock to Continuous Delivery
SeniorStoryteller
 
PPTX
Rugged DevOps: Aligning Your Team and Your Powers for Success
SeniorStoryteller
 
PDF
Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)
Dominic Tancredi
 
PDF
The Art of Identifying Vulnerabilities - CascadiaFest 2015
Adam Baldwin
 
PDF
Continuous Security - Thunderplains 2016
Adam Baldwin
 
PDF
Evident io Continuous Compliance - Mar 2017
Sebastian Taphanel CISSP-ISSEP
 
PDF
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson
 
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
DevSecCon Keynote
Shannon Lietz
 
Gartner Top 10 Strategic Technology Trends 2016
Deepak Kamboj
 
DevSecOps Singapore introduction
Stefan Streichsbier
 
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon
 
DevSecOps SG Introduction - August Meetup
DevSecOpsSg
 
Dev seccon london 2016 intelliment security
DevSecCon
 
RoboCop: Bringing Law and Order to CI/CD
Franklin Mosley
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 
Vulnerability Advisor Deep Dive (Dec 2016)
Canturk Isci
 
Safely Removing the Last Roadblock to Continuous Delivery
SeniorStoryteller
 
Rugged DevOps: Aligning Your Team and Your Powers for Success
SeniorStoryteller
 
Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)
Dominic Tancredi
 
The Art of Identifying Vulnerabilities - CascadiaFest 2015
Adam Baldwin
 
Continuous Security - Thunderplains 2016
Adam Baldwin
 
Evident io Continuous Compliance - Mar 2017
Sebastian Taphanel CISSP-ISSEP
 
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson
 
Ad

Similar to The Journey to DevSecOps (20)

PDF
Just4Meeting 2012 - How to protect your web applications
Magno Logan
 
PPTX
2016 - Safely Removing the Last Roadblock to Continuous Delivery
devopsdaysaustin
 
PDF
Hacking hired [Forecasting 2021] Jan 2021
Rachel Harpley
 
PPTX
Intro to INFOSEC
Sean Whalen
 
PDF
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
PPTX
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
Robi Sen
 
PDF
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Aaron Hnatiw
 
PPTX
Secure DevOps - Evolution or Revolution?
Security Innovation
 
PPTX
Implementing Technology in Your Agency - Laird Rixford, ITC
Insurance Technologies Corporation (ITC)
 
PPTX
State of DevSecOps - DevOpsDays Jakarta 2019
Stefan Streichsbier
 
PDF
The State of DevSecOps
DevOps Indonesia
 
PDF
Sprint with Agile, Deliver With DevOps
Leland Newsom CSP-SM, SPC5, SDP
 
PPTX
DevSecOps with Microsoft Tech
Darin Morris
 
PDF
Lean Security
Ben Johnson
 
PPTX
DevOps and the Future of Information Security
Darin Morris
 
PPTX
Assessing Your security
Legal Services National Technology Assistance Project (LSNTAP)
 
PPTX
DevOps and the Future of InfoSec
Darin Morris
 
PPTX
State of DevSecOps - DevSecOpsDays 2019
Stefan Streichsbier
 
PDF
Modeling and Measuring DevOps Culture
Leland Newsom CSP-SM, SPC5, SDP
 
PPTX
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
Just4Meeting 2012 - How to protect your web applications
Magno Logan
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
devopsdaysaustin
 
Hacking hired [Forecasting 2021] Jan 2021
Rachel Harpley
 
Intro to INFOSEC
Sean Whalen
 
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
Robi Sen
 
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Aaron Hnatiw
 
Secure DevOps - Evolution or Revolution?
Security Innovation
 
Implementing Technology in Your Agency - Laird Rixford, ITC
Insurance Technologies Corporation (ITC)
 
State of DevSecOps - DevOpsDays Jakarta 2019
Stefan Streichsbier
 
The State of DevSecOps
DevOps Indonesia
 
Sprint with Agile, Deliver With DevOps
Leland Newsom CSP-SM, SPC5, SDP
 
DevSecOps with Microsoft Tech
Darin Morris
 
Lean Security
Ben Johnson
 
DevOps and the Future of Information Security
Darin Morris
 
Assessing Your security
Legal Services National Technology Assistance Project (LSNTAP)
 
DevOps and the Future of InfoSec
Darin Morris
 
State of DevSecOps - DevSecOpsDays 2019
Stefan Streichsbier
 
Modeling and Measuring DevOps Culture
Leland Newsom CSP-SM, SPC5, SDP
 
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 

Recently uploaded (20)

PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
TEXTILE technology diploma scope and career opportunities
kriti38
 
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PDF
Produktkatalog fĂĽr HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
The various Industrial Revolutions .pptx
bandileshozi3
 
TEXTILE technology diploma scope and career opportunities
kriti38
 
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
Produktkatalog fĂĽr HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 

The Journey to DevSecOps

  • 1. Shannon Lietz The Journey to DevSecOps^ @devsecops
  • 2. Always an Early Adopter Google Trends • DevOps.com was bought in 2004 • Google searches for “DevOps” started to rise in 2010 • Major influences: – Saving your Infrastructure from DevOps / Chicago Tribune – DevOps: A Culture Shift, Not a Technology / Information Week – DevOps: A Sharder’s Tale from Etsy – DevOps.com articles • RuggedSoftware.org was bought in 2010 https://www.google.com/trends/
  • 4. Which means, spending most of your career doing this… Bang Head Here
  • 5. This is the End of Security as We Know It… Say what?!??! 6+ years later, it’s hard to believe we’re still shocked by this quote! This talk will provide you with a path forward… And a survival kit... -Josh Corman
  • 6. An Ugly Little Secret • DevOps teams make security decisions… several times, everyday! • Hackers find security issues and exploit them... several times, everday! • Security teams hardly ever make security decisions... and really only when risks need to be officially authorized! https://www.flickr.com/photos/denise_rowlands
  • 7. In a Deming World… • Most decisions are made within the software supply chain by engineering teams • Security decisions are usually made as a result of attempting to balance design constraints • Gating processes are not Deming-like; but it is hard to avoid business catastrophes by applying measure ahead strategies for security • Most security defects are identified during a major event triggering the equivalent of a security “recall” design build deploy operate How do I secure my app? What component is secure enough? How do I secure secrets for the app? Is my app getting attacked? How? Typical gates for security checks & balances Mistakes and drift often happen after design and build phases Most costly mistakes Happen during design Missing and much-needed feedback loop
  • 8. Hackers have lots of opportunities… People • Susceptible to phishing and email scams • Can be social engineered Process • Humans make mistakes, because they are human (6 Sigma) • Process gaps provide room for fraud Technology • Software complexity increases with reusable components • Technology providers have to do their part, or everyone fails!
  • 9. Get Grounded in Reality • Secure business is the new black! KTLO! • Everyone must be responsible for security! • Perfection is over-rated… Mistakes are inevitable. • Reacting can be costly… build security in. • Compliance is important but it’s not security! • A blaming culture is dangerous, avoid it! • Continuously test, detect, measure and incrementally improve.
  • 10. Keep The Lights On! • Keeping the Lights on includes Security… • 66% of companies adopting DevOps • DevOps teams need guardrails and guidelines to move fast • Security decisions that haven’t been made before likely require escalation https://www.flickr.com/photos/darwinbell http://www.rightscale.com/blog/cloud-industry-insights/cloud- computing-trends-2015-state-cloud-survey
  • 11. Enlist Everyone! • Common ratio for Dev, Ops and Sec => 100, 10, 1 • Numbers matter against attackers! • Skills help, but anyone can identify an anomaly. • Everyone needs to help with security; everyone has a role to play. And this is hard to find...
  • 12. Mistakes happen… • DevOps utilize customer-driven development processes with incremental changes…Mistakes just happen. • But because of frequent changes, teams have more opportunities to correct defects, on average 30x more • Teams need help deciphering how to self-correct https://www.flickr.com/photos/doobybrain
  • 13. Protection is ideal; Detection is a must! • The faster a defect is discovered, the faster it can be dealt with. • DevOps has 50% faster MTTR • Transforming security events into incidents and problems helps with resolution rates https://www.flickr.com/photos/daoro
  • 14. Compliance Programs won’t stop a breach • Point in time assessments don’t go far enough • 0 companies (in 10 years) have been found compliant after a breach • Compliance needs to be paired with rugged security http://www.slideshare.net/VerizonEnterpriseSolutions/webinar-new- insights-to-simplify-pci-compliance-and-manage-risk
  • 15. High Performing is where it’s at! • High performing teams that focus on a blameless culture improve on average 50% better • Blaming cultures create less engagement, 30% less efficient • MTTR is 5x faster in blameless teams that focus on opportunities first #1
  • 16. Continuous Improvement • Continuous improvement has been a goal for an endless amount of years • Teams that focus on testing, early detection, and measuring progress have 30% fewer defects in production • Tests are often added to continuous delivery to achieve better results throughout the continuous delivery pipeline https://www.flickr.com/photos/deniscollette
  • 17. Great! What does this look like in practice for a security professional? Leaning in over Always Saying “No” Data & Security Science over Fear, Uncertainty and Doubt Open Contribution & Collaboration over Security-Only Requirements Consumable Security Services with APIs over Mandated Security Controls & Paperwork Business Driven Security Scores over Rubber Stamp Security Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident Shared Threat Intelligence over Keeping Info to Ourselves Compliance Operations over Clipboards & Checklists
  • 18. Use Security Skills to Build Tools
  • 20. Get Involved and Join the Community • devsecops.org • @devsecops on Twitter • DevSecOps on LinkedIn • DevSecOps on Github • RuggedSoftware.org • Compliance at Velocity • Join Us !!! • Spread the word!!!
  • 21. #RuggedDevOps If you see something cool…
  • 22. Thank You to Our Sponsors
  • 23. Get today’s Rugged DevOps presentations in your inbox mmiller@sonatype.com