www.ranger4.com: optimising the flow from idea to value realisation
DevSecOps: Is it a Good Thing?
Helen Beal
DevOpsologist
Agenda
• What is DevSecOps?
• Why is it a bad thing?
• Why is it a good thing?
• Will DevSecOps last forever?
• Things that you can do next
What is DevSecOps?
Is Security an Afterthought?
The Parts Unlimited Team
Lead Engineer
• Leaning in over Always Saying “No”
• Data & Security Science over Fear, Uncertainty and Doubt
• Open Contribution & Collaboration over Security-Only Requirements
• Consumable Security Services with APIs over Mandated Security Controls & Paperwork
• Business Driven Security Scores over Rubber Stamp Security
• Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities
• 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident
• Shared Threat Intelligence over Keeping Info to Ourselves
• Compliance Operations over Clipboards & Checklists
Why is DevSecOps a Bad Thing?
Why is DevSecOps a Good Thing?
“One way to enable market-oriented outcomes is for Operations to create a set of centralized platforms and tooling services that any Dev team can use to become more productive… a platform that provides a shared version control repository with pre-blessed security libraries, a deployment pipeline that automatically runs code quality and security scanning tools, which deploys our applications into known, good environments that already have production monitoring tools installed on them.”
The DevOps Handbook
Will DevSecOps last forever?
Things that you can do next
• Get a free scan and report on your open source component vulnerabilities
• Book on a DevSecOps Engineering course (Public Schedule Feb 21/22 2018)
• Sit the DevOps Foundation Course as a prerequisite for DSOE – public schedule December 13/14 2017
• Sign up for All Day DevOps! – I’ll be talking about DevSecOps and the DevOps Superpattern
Be DevOpstastic