slides: the security challenge: kpn's practical approach
TRANSCRIPT
![Page 1: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/1.jpg)
The Security Challenge:
KPN's Practical Approach
for (IT) managers
Xebia Security
![Page 3: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/3.jpg)
KPN
Largest Telecom and IT operator in NL
Consumer, Business, Corporate markets
Several international brands
18,000 employees, 500M€ profit
![Page 4: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/4.jpg)
KPN Online
Most internet facing applications and apps
Open environment (www.kpn.com)
Selfcare environments (mobile & desktop)
Consumer and small business webshop
![Page 5: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/5.jpg)
-2013: project based
Security requirements Penetration test
Afterfix Afterfix 2
Retest
![Page 6: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/6.jpg)
2014: Agile transformation
![Page 7: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/7.jpg)
Security & Agile?
![Page 8: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/8.jpg)
Changing Responsibilies
![Page 9: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/9.jpg)
Integrate security expertise
![Page 10: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/10.jpg)
Split and simplify policies
![Page 11: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/11.jpg)
Standardized Architecture
![Page 12: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/12.jpg)
Security in SDLC
![Page 13: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/13.jpg)
Threat modeling by design
![Page 14: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/14.jpg)
Compliant Operation
Story
Code
Platform
Application
Operations
![Page 15: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/15.jpg)
Apply best practices
![Page 16: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/16.jpg)
SecDevOps: summary
Align Dev, Sec, Bus, And Ops
Standardize and simplify
Automate, automate, automate
Know your value
Attack yourself
Learn, teach and train
![Page 17: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/17.jpg)
SecDevOps: more info
devsecops.org - “Secure Agile Manifesto”
Forrester- “The Seven Habits of Rugged Devops”
Event.io- “Ten Ways to Develop a Rugged DevOps Approach”
![Page 18: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/18.jpg)
Just do it
![Page 19: Slides: The Security Challenge: KPN's Practical Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052915/58ecc4ed1a28ab020e8b459f/html5/thumbnails/19.jpg)
Thank you, Q&A