Dev Breakfast: Level up to DevSecOps
Preventing Devoops with DevSecOps
Kieran Jacobsen
Technical Lead – Infrastructure & Security
Copyright ©2017 by Readify Limited
2016 was a big year…
2017 is getting off to a bad start…
Before DevOps
DevOps
But Where Is Security?
DevSecOps
› Clear Communication Pathways
› Streamlined Communication
› Security As Code
› Training
› Integrate security into DevOps cycle
Communication Pathways
[Diagram: Development, Operations, Security]
Streamlined Communication
NO:
› Excel checklists
› Word document reports
› Email Attachments
Streamlined Communication
YES:
› Backlogs/boards
› Support ticketing
› Markup and Git
Security As Code
› Application Source Code
› Azure ARM and AWS CloudFormation
› Server Configuration – Chef, Puppet, DSC
ARM Templates
PowerShell DSC
Training
› We can’t be experts in Dev, Sec and Ops
› We need cross-pollination of skills
› Starts at day 0
› Hands-on training for senior developers
Training: Phishing
[Chart: Employee Breakdown (Technical, Non-Technical)]
[Chart: Click Break Down (Technical Victims, Non-Technical Victims, Passed)]
Integrating Security
Plan
› Integrate security into sprint planning and reviews
› Consider security user stories early
Code
› Training!
› Test-driven development
› Use of the correct tools
› Pull Requests
Build
› Static code analysis
› Dynamic code analysis
Test
› Develop security test cases
› Fuzzing
› Load testing
Release & Deploy
› Automated scanning upon deployment
Operate & Monitor
› Monitor logs
› Rescan for vulnerabilities
› Track dependencies
Thank You