SlideShare a Scribd company logo

The Rise of DevSecOps - Fabian Lim - DevSecOpsSg

D
DevSecOpsSg

Fabian Lim is a DevSecOps engineer with 1.5 years of experience and a strong educational background in information security. He emphasizes collaboration, proactive security measures, and the importance of integrating security practices across development teams to enhance overall security posture. His focus includes red teaming, culture hacking, and metrics for security defect reporting.

Technology
1 of 15
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
The Rise of Fabian Lim
/about • DevSecOps Engineer – 1.5 years – Culture Hacking – Passion in Infrastructure and Operations • Carnegie Mellon University – MSc Information Security Policy and Management • Singapore Management University – BSc Information Systems • Gym, Krav Maga enthusiast
/journey 1. DevSecOps Engineer 2. Open-Source Projects 3. Red Team 4. Culture Hacking 5. Security Defect Reporting & Metrics
https://s-media-cache-ak0.pinimg.com/originals/f6/36/0d/f6360df9be90fa7b03cb7f4e7b5a6dc6.jpg
/peek • A Peek into My Everyday – Development and maintenance of in house tools using experiments – Security knowledge is essential to identify security flaws – Operations know-how of our own infrastructure so it is resilient • Red Team Monday is awesome! • Blue Team All-Day is cool too!
/mindset • Collaboration Focus • Open and Transparent • Prefer Shiteration over Perfection • (Actively) “Hunting” mode over Reactive mode • What keeps you up at night?
/how • Everyone – needs to get their hands dirty at code • Can-do Agile Attitude – Fail Fast, Crawl Walk Run • Culture - Everyone is responsible for Security • Red Teaming – Crucial to move the ‘urgency’ needle • Metrics – to report, show trends
/why • Passion • Revolutionary Way of Doing Security • Works and Improves the Security Posture of the Company • I Want to be Worked WITH Rather Than AGAINST
/open_source_projects • GOAL: Get developers to be involved and contribute your security tools • EFFECT: Working together • RESULT: Secure Company-Wide Projects
• TRADITION: Security Team v.s Development Team • GOAL: We are all one – there is no ‘them’ and ‘us’ • METHOD: Security Understands Developers and Helps to Solve Security Issues Together, not Blaming • RESULT: Shared Sense of Responsibility /culture
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
/red_team • TARGET: Low-Hanging Fruit • EFFECT: A Method to Convince Management • RESULT: Increases Focus and Resources on Security
/security_defect_reporting • GOAL: Measure State of Security • EFFECT: Management sees resources used effectively • RESULT: Significantly improve Visibility on Security Performance
/references • devsecops.org • github.com/devsecops/bootcamp • @3jmaster • http://www.devsecops.org/blog?tag=DevSecOps+Explained
/gracias

More Related Content

PDF
DevSecOps - The big picture
DevSecOpsSg
 
PDF
Integrating DevOps and Security
Stijn Muylle
 
PDF
DevSecOps - The big picture
Stefan Streichsbier
 
PDF
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon
 
PPTX
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
PDF
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon
 
PPTX
The Journey to DevSecOps
SeniorStoryteller
 
PDF
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
DevSecOps - The big picture
DevSecOpsSg
 
Integrating DevOps and Security
Stijn Muylle
 
DevSecOps - The big picture
Stefan Streichsbier
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon
 
The Journey to DevSecOps
SeniorStoryteller
 
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 

What's hot (20)

KEY
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
PDF
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
PDF
2019 DevSecOps Reference Architectures
Sonatype
 
PPTX
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Puppet
 
PDF
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
 
PDF
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon
 
PDF
Ast in CI/CD by Ofer Maor
DevSecCon
 
PPTX
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon
 
PDF
A Secure DevOps Journey
Sonatype
 
PPTX
Null application security in an agile world
Stefan Streichsbier
 
PDF
DevSecOps: Bringing security to the DevOps pipeline
Aarno Aukia
 
PPTX
Shifting left – embedding security into the devops pipeline by Mike d. Kail
DevSecCon
 
PPTX
DevSecOps : an Introduction
Prashanth B. P.
 
PDF
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
SecureSoftwareDevOn SecureSoftwareDevOn
 
PDF
Dos and Don'ts of DevSecOps
Priyanka Aash
 
PDF
Application Security in an Agile World - Agile Singapore 2016
Stefan Streichsbier
 
PDF
DevSecOps and the CI/CD Pipeline
James Wickett
 
PDF
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
PDF
RSAC DevSecOpsDays 2018 - We are all Equifax
Sonatype
 
PDF
DevSecOps: Minimizing Risk, Improving Security
Franklin Mosley
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
2019 DevSecOps Reference Architectures
Sonatype
 
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Puppet
 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
 
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon
 
Ast in CI/CD by Ofer Maor
DevSecCon
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon
 
A Secure DevOps Journey
Sonatype
 
Null application security in an agile world
Stefan Streichsbier
 
DevSecOps: Bringing security to the DevOps pipeline
Aarno Aukia
 
Shifting left – embedding security into the devops pipeline by Mike d. Kail
DevSecCon
 
DevSecOps : an Introduction
Prashanth B. P.
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
SecureSoftwareDevOn SecureSoftwareDevOn
 
Dos and Don'ts of DevSecOps
Priyanka Aash
 
Application Security in an Agile World - Agile Singapore 2016
Stefan Streichsbier
 
DevSecOps and the CI/CD Pipeline
James Wickett
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
RSAC DevSecOpsDays 2018 - We are all Equifax
Sonatype
 
DevSecOps: Minimizing Risk, Improving Security
Franklin Mosley
 
Ad

Viewers also liked (18)

PPTX
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
PDF
The Changing Landscape of Information Security
DevSecOpsSg
 
PDF
DevSecOps - Building Rugged Software
SeniorStoryteller
 
PDF
DevSecOps in Baby Steps
Priyanka Aash
 
PPTX
DevOps & Security: Here & Now
Checkmarx
 
PDF
Implementing DevOps in a Regulated Environment - DJ Schleen
SeniorStoryteller
 
PPTX
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
PPTX
Infrastructure Saturday - Level Up to DevSecOps
kieranjacobsen
 
PPTX
Cyber Security Landscape: Changes, Threats and Challenges
Bloxx
 
PDF
Devops, Secops, Opsec, DevSec *ops *.* ?
Kris Buytaert
 
PDF
DevOps and IT security
ch.osme
 
PPTX
DevOps in a Regulated and Embedded Environment (AgileDC)
Arjun Comar
 
PDF
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
SeniorStoryteller
 
PPTX
Making Security Agile - Oleg Gryb
SeniorStoryteller
 
PDF
Building Security In - A Tale of Two Stories - Laksh Raghavan
SeniorStoryteller
 
PPTX
Empowering Application Security Protection in the World of DevOps
IBM Security
 
PDF
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
SeniorStoryteller
 
PDF
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
The Changing Landscape of Information Security
DevSecOpsSg
 
DevSecOps - Building Rugged Software
SeniorStoryteller
 
DevSecOps in Baby Steps
Priyanka Aash
 
DevOps & Security: Here & Now
Checkmarx
 
Implementing DevOps in a Regulated Environment - DJ Schleen
SeniorStoryteller
 
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
Infrastructure Saturday - Level Up to DevSecOps
kieranjacobsen
 
Cyber Security Landscape: Changes, Threats and Challenges
Bloxx
 
Devops, Secops, Opsec, DevSec *ops *.* ?
Kris Buytaert
 
DevOps and IT security
ch.osme
 
DevOps in a Regulated and Embedded Environment (AgileDC)
Arjun Comar
 
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
SeniorStoryteller
 
Making Security Agile - Oleg Gryb
SeniorStoryteller
 
Building Security In - A Tale of Two Stories - Laksh Raghavan
SeniorStoryteller
 
Empowering Application Security Protection in the World of DevOps
IBM Security
 
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
SeniorStoryteller
 
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
Ad

Similar to The Rise of DevSecOps - Fabian Lim - DevSecOpsSg (20)

PDF
Building Security Teams
Astera Esther Schneeweisz
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
PPTX
ISACA Ireland Keynote 2015
Shannon Lietz
 
PDF
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Eryk Budi Pratama
 
PPTX
Lean_Security.pptx
Clase21
 
PPTX
DevSecOps: Integrating Security Into DevOps! {Business Security}
Algoworks Inc
 
PPTX
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
PDF
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
PDF
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
CODE BLUE
 
PPTX
Software Developer Resumes
John Valentino
 
PDF
Effective security
Mike Mackintosh
 
PDF
Scale security for a dollar or less
Mohammed A. Imran
 
PPTX
DevSecCon Keynote
Shannon Lietz
 
PPTX
DevSecCon KeyNote London 2015
Shannon Lietz
 
PDF
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
PPTX
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
PDF
Leveraging red for defense
Priyanka Aash
 
PDF
Power your way to becoming a red team cyber security expert
ShivamSharma909
 
PDF
DevOps: Lead, Follow or Get Out of the Way - A CISO Perspective
Texas.gov
 
Building Security Teams
Astera Esther Schneeweisz
 
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
ISACA Ireland Keynote 2015
Shannon Lietz
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Eryk Budi Pratama
 
Lean_Security.pptx
Clase21
 
DevSecOps: Integrating Security Into DevOps! {Business Security}
Algoworks Inc
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
CODE BLUE
 
Software Developer Resumes
John Valentino
 
Effective security
Mike Mackintosh
 
Scale security for a dollar or less
Mohammed A. Imran
 
DevSecCon Keynote
Shannon Lietz
 
DevSecCon KeyNote London 2015
Shannon Lietz
 
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
Leveraging red for defense
Priyanka Aash
 
Power your way to becoming a red team cyber security expert
ShivamSharma909
 
DevOps: Lead, Follow or Get Out of the Way - A CISO Perspective
Texas.gov
 

Recently uploaded (20)

PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Encapsulation theory and applications.pdf
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Teaching material agriculture food technology
LiaRayya
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 

The Rise of DevSecOps - Fabian Lim - DevSecOpsSg