Preventing Devoops with Dev Sec Ops Kieran Jacobsen

Sign up to view full document!

Preventing Devoops with Dev. Sec. Ops Kieran Jacobsen Technical Lead – Infrastructure & Security

Preventing Devoops with Dev. Sec. Ops Kieran Jacobsen Technical Lead – Infrastructure & Security

2016 was a big year… Page 2 / Copyright © 2017 by Readify Limited

2016 was a big year… Page 2 / Copyright © 2017 by Readify Limited

2017 is getting of to a bad start… Page 3 / Copyright © 2017

2017 is getting of to a bad start… Page 3 / Copyright © 2017 by Readify Limited

Before Dev. Ops Page 4 / Copyright © 2017 by Readify Limited

Before Dev. Ops Page 4 / Copyright © 2017 by Readify Limited

Dev. Ops Page 5 / Copyright © 2017 by Readify Limited

Dev. Ops Page 5 / Copyright © 2017 by Readify Limited

But Where Is Security? Page 6 / Copyright © 2017 by Readify Limited

But Where Is Security? Page 6 / Copyright © 2017 by Readify Limited

Dev. Sec. Ops › Clear Communication Pathways › Streamlined Communication › Security As Code

Dev. Sec. Ops › Clear Communication Pathways › Streamlined Communication › Security As Code › Training › Integrate Security into Dev. Ops cycle Page 7 / Copyright © 2017 by Readify Limited

Communication Pathways Development Operations Security Page 9 / Copyright © 2017 by Readify Limited

Communication Pathways Development Operations Security Page 9 / Copyright © 2017 by Readify Limited

Streamlined Communication NO: › Excel checklists › Word document reports › Email Attachments Page

Streamlined Communication NO: › Excel checklists › Word document reports › Email Attachments Page 10 / Copyright © 2017 by Readify Limited

Streamlined Communication YES: › Backlogs/boards Page 11 / Copyright © 2017 by Readify Limited

Streamlined Communication YES: › Backlogs/boards Page 11 / Copyright © 2017 by Readify Limited

Streamlined Communication YES: › Backlogs/boards › Support ticketing Page 12 / Copyright © 2017

Streamlined Communication YES: › Backlogs/boards › Support ticketing Page 12 / Copyright © 2017 by Readify Limited

Streamlined Communication YES: › Backlogs/boards › Support ticketing › Markup and Git Page 13

Streamlined Communication YES: › Backlogs/boards › Support ticketing › Markup and Git Page 13 / Copyright © 2017 by Readify Limited

Security As Code › Application Source Code › Azure ARM and AWS Cloud Formation

Security As Code › Application Source Code › Azure ARM and AWS Cloud Formation › Server Configuration – Chef, Puppet, DSC Page 14 / Copyright © 2017 by Readify Limited

ARM Templates Page 15 / Copyright © 2017 by Readify Limited

ARM Templates Page 15 / Copyright © 2017 by Readify Limited

Power. Shell DSC Page 16 / Copyright © 2017 by Readify Limited

Power. Shell DSC Page 16 / Copyright © 2017 by Readify Limited

Training › We can’t be experts in Dev, Sec and Ops › We need

Training › We can’t be experts in Dev, Sec and Ops › We need cross pollination of skills › Starts at day 0 Page 17 / Copyright © 2017 by Readify Limited

Integrating Security Page 18 / Copyright © 2017 by Readify Limited

Integrating Security Page 18 / Copyright © 2017 by Readify Limited

Plan › Integrate security into sprint planning and reviews › Consider security stories early

Plan › Integrate security into sprint planning and reviews › Consider security stories early Page 19 / Copyright © 2017 by Readify Limited

Code › Training! › Test driven development › Use of the correct tools ›

Code › Training! › Test driven development › Use of the correct tools › Pull Requests Page 20 / Copyright © 2017 by Readify Limited

Build › Static code analysis › Dynamic code analysis Page 21 / Copyright ©

Build › Static code analysis › Dynamic code analysis Page 21 / Copyright © 2017 by Readify Limited

Test › Develop security test cases › Fuzzing › Load testing Page 22 /

Test › Develop security test cases › Fuzzing › Load testing Page 22 / Copyright © 2017 by Readify Limited

Release & Deploy › Automated scanning upon deployment Page 23 / Copyright © 2017

Release & Deploy › Automated scanning upon deployment Page 23 / Copyright © 2017 by Readify Limited

Operate & Monitor › Monitor logs › Rescan for vulnerabilities › Track dependencies Page

Operate & Monitor › Monitor logs › Rescan for vulnerabilities › Track dependencies Page 24 / Copyright © 2017 by Readify Limited

Thank You

Thank You

Slides: 24

Download presentation

Dev ops sec

Winding familien stamtræ

Winding familien stamtræ

How to bypass uac with powershell

How to bypass uac with powershell

Kieran jacobsen

Kieran jacobsen

Kieran jacobsen

Kieran jacobsen

Kieran jacobsen

Kieran jacobsen

Capato dev ops

Michele jacobsen

Michele jacobsen

Mittens väg

Gitte jacobsen

Jacobsen 2015

Karen jacobsen

Dag jacobsen

Jacobsen 500101

Jacobsen 500101

Scott jacobsen lockheed martin

Scott jacobsen lockheed martin

Angvik eiendom

Jessi jacobsen

Anette faye jacobsen

Anette faye jacobsen

The corrs discographie

The corrs discographie

Kieran mathieson

Kieran mathieson

Kieran sharkey

Kieran hall self portrait

Kieran hall self portrait

Stephen brennan bon secours

Stephen brennan bon secours

Kieran garvey

Kieran amos warwickshire

Kieran amos warwickshire

Preventing Devoops with Dev Sec Ops Kieran Jacobsen

Preventing Devoops with Dev Sec Ops Kieran Jacobsen

Preventing Devoops with Dev Sec Ops Kieran Jacobsen

Preventing Devoops with Dev Sec Ops Kieran Jacobsen

Software Engineering Dev Ops Dev Ops Dev Ops

Software Engineering Dev Ops Dev Ops Dev Ops

Dev Ops Git Ops What is Git Ops

Dev Ops Git Ops What is Git Ops

Dev Ops Introduction to SherwinWilliams Dev Ops Introduction

Dev Ops Introduction to SherwinWilliams Dev Ops Introduction

Dev Ops Zirvesi 2017 Hogeldiniz Dev Ops Temel

Dev Ops Zirvesi 2017 Hogeldiniz Dev Ops Temel

Dev Ops Fundamentals Introduction to Dev Ops http

Dev Ops Fundamentals Introduction to Dev Ops http

Dev Ops Configuration Andres Villalobos IT Dev Ops

Dev Ops Configuration Andres Villalobos IT Dev Ops

Qu es Dev Ops Descubra cmo Dev Ops

Qu es Dev Ops Descubra cmo Dev Ops

HL Dev Ops Conversations Session 2 Dev Ops

HL Dev Ops Conversations Session 2 Dev Ops

Dev Ops Configuration Andres Villalobos IT Dev Ops

Dev Ops Configuration Andres Villalobos IT Dev Ops

Res Ops Research Dev Ops across clouds Erik

Res Ops Research Dev Ops across clouds Erik

Res Ops Research Dev Ops across clouds Erik

Res Ops Research Dev Ops across clouds Erik

KIERAN JACOBSEN HP Understanding PKI and Certificate Services

KIERAN JACOBSEN HP Understanding PKI and Certificate Services

POWERSHELL SHENANIGANS LATERAL MOVEMENT WITH POWERSHELL KIERAN JACOBSEN

POWERSHELL SHENANIGANS LATERAL MOVEMENT WITH POWERSHELL KIERAN JACOBSEN

DIRECT ACCESS DOS AND DONTS KIERAN JACOBSEN HP

DIRECT ACCESS DOS AND DONTS KIERAN JACOBSEN HP

POWERSHELL SHENANIGANS LATERAL MOVEMENT WITH POWERSHELL KIERAN JACOBSEN

POWERSHELL SHENANIGANS LATERAL MOVEMENT WITH POWERSHELL KIERAN JACOBSEN

Azure Automation Invades Your Data Centre Kieran Jacobsen

Azure Automation Invades Your Data Centre Kieran Jacobsen

KIERAN JACOBSEN HP Understanding PKI and Certificate Services

KIERAN JACOBSEN HP Understanding PKI and Certificate Services

EVOLVING YOUR AUTOMATION WITH HYBRID WORKERS KIERAN JACOBSEN

EVOLVING YOUR AUTOMATION WITH HYBRID WORKERS KIERAN JACOBSEN

POWERSHELL SHENANIGANS KIERAN JACOBSEN HP ENTERPRISE SERVICES WHAT

POWERSHELL SHENANIGANS KIERAN JACOBSEN HP ENTERPRISE SERVICES WHAT

Secure Azure Deployment Patterns Kieran Jacobsen Microsoft MVP

Secure Azure Deployment Patterns Kieran Jacobsen Microsoft MVP

Mobile Dev Ops Mobile Apps APIs Mobile Dev

Mobile Dev Ops Mobile Apps APIs Mobile Dev