SlideShare uma empresa Scribd logo

Adversity: Good for software

James Wickett
James Wickett

Adversity is a fact of software security–bad things happen both intentionally and accidentally. In the InfoSec field there is a growing undercurrent of belief that we need to build code that is Rugged meaning code that is survivable, long-lasting and persistent in the face of adversity. When paired with DevOps the Rugged Software movement really begins to hit a nerve. The pairing, aptly called Rugged DevOps is where security becomes an asset to the organization and no longer a drag on innovation.

TecnologiaNegócios
1 de 54
Baixar para ler offline
Adversity: Good for Software
@wickett • Cloud Ops Team Lead, @NIGlobal • Tags: Rugged DevOps, OWASP, Cloud, Ruby • Blogger at ruggeddevops.org, blog.wickett.me, and theagileadmin.com • Founder of LASCON (http://lascon.org) • Security certs: CISSP, GWAPT, CCSK, ... • t: @wickett | e: james@wickett.me
Adversity requires Rugged solutions
Adversity Real or perceived negative actions and events that prohibit normal function and operation.
People Involved • Developers • Regular customers • Operations • Evil customers • Security • Hackers • Business
Adversity Actors • Malicious intent, targeted • Malicious intent, random • Neutral intent, targeted • Neutral intent, random • No intent, random
Ruggedization Theory Building solutions to handle adversity actors will cause unintended, positive benefits that will provide value that would have been unrealized otherwise.
Adversity fueled innovation • NASA in Space • Military hard drives • ATMs in Europe
"Secondly, our network got a lot stronger as a result of the LulzSec attacks." -Surviving Lulz: Behind the Scenes of LulzSec @SXSW 2012
“The phone isn't going to kill you if use it, but a car... well, we don't want code to crash your car.” -Auto Meets Mobile: Building In-Vehicle Apps @SXSW 2012
Software needs to face adversity head on
Software needs to be rugged to succeed
Current Software
Rugged Software
Current Software
Rugged Software
Current Software
Rugged Software
The Internets is Mean • Latency • Distribution • Anonymity • Varied protocols • People
Measuring Rugged
Rugged Software Manifesto
I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.
I am rugged, not because it is easy, but because it is necessary... and I am up for the challenge.
Security vs. Rugged • Absence of • Verification of Events quality • Cost • Benefit • Negative • Positive • FUD • Known values • Toxic • Affirming
Ruggedization Theory Building solutions to handle adversity actors will cause unintended, positive benefits that will provide value that would have been unrealized otherwise.
No Pain, No Gain
Rugged-ities • Maintainability • Availability • Survivability • Defensibility • Security • Longevity • Portability • Reliability
If you want to build a ship, don't drum up people together to collect wood and don't assign them tasks and work, but rather teach them to long for the endless immensity of the sea - Antoine Jean-Baptiste Marie Roger de Saint Exupéry
People, Process, Tech
It’s not our problem anymore
Why do you see the speck that is in your brother’s eye, but do not notice the log that is in your own eye? - Jesus
source: Gene Kim, “When IT says No @SXSW 2012”
solution = devops
Security sees... • They feel they are the constant givers of unheeded advice • Business decisions made w/o worry of risk • Irrelevancy in the organization • They are the bearer of bad news • Even their tribe ignores them • Inequitable distribution of labor
the devops model is broken incomplete
rugged by design devops by culture
RUGGED source: Jessica Allen, http://drbl.in/bgwy
Rugged DevOps • repeatable – no manual errors • reliable - tested integration APIs • reviewable – model in source control • rapid – fast to build, provision, deploy • resilient – automated reconfiguration to swap servers (throw away infrastructure)
Rugged Applied Goal: Cloud Firewalls • Make every service/node/instance a DMZ • Cloud environment • 3-tier web architecture • Facilitate automated provisioning
Traditional (non-cloud) 3-Tier Web Architecture Firewall Web Web Web DMZ 1 Firewall Middle Tier Middle Tier DMZ 2 Firewall DB LDAP DMZ 3
Rugged Cloud Architecture firewall firewall firewall Web Web Web DMZ x3 firewall firewall Middle Tier Middle Tier DMZ x2 firewall firewall DB LDAP DMZ x3
Benefits firewall firewall firewall Web Web Web Repeatable Verifiable firewall firewall Middle Tier Middle Tier Prod/Dev/Test Matching firewall firewall DB LDAP Controlled Automated firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall DB LDAP DB LDAP
and it grows to look something like this...
firewall firewall firewall firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web Web Web Web firewall firewall firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall firewall firewall DB LDAP DB LDAP DB LDAP firewall firewall firewall firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web Web Web Web firewall firewall firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall firewall firewall DB LDAP DB LDAP DB LDAP firewall firewall firewall firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web Web Web Web firewall firewall firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall firewall firewall DB LDAP DB LDAP DB LDAP
Rugged Benefits • Control and traffic whitelisting • Config Management • Reproducible and Automated • Data can’t traverse environments accidentally • Dev and Test Tier accurate
Rugged DevOps Next Steps • Build a Rugged DevOps team: Dev, Ops, Security • Implement a chaos monkey • Track security flaws or bugs in the same bug tracking system for development • Automate, track results, repeat • Join the RDO movement!
Want to help me? • Upcoming book: Rugged Driven Development: Building Software in an Adversity Fueled Environment (will live at ruggeddev.com) • Open Source Project: Gauntlet on github at github.com/wickett/gauntlet • I need contributors and reviewers! • Contact me: @wickett
Join Rugged DevOps! • Twitter: @ruggeddevops • Get involved in the movement • http://join.ruggeddevops.org

Recomendados

Developing modular, polyglot applications with Spring (SpringOne India 2012)
Developing modular, polyglot applications with Spring (SpringOne India 2012)Developing modular, polyglot applications with Spring (SpringOne India 2012)
Developing modular, polyglot applications with Spring (SpringOne India 2012)Chris Richardson
 
Devoxx France 2013 Cloud Best Practices
Devoxx France 2013 Cloud Best PracticesDevoxx France 2013 Cloud Best Practices
Devoxx France 2013 Cloud Best PracticesEric Bottard
 
There is NO CLOUD: For Non-Geeks
There is NO CLOUD: For Non-GeeksThere is NO CLOUD: For Non-Geeks
There is NO CLOUD: For Non-GeeksOpen Spectrum Inc
 
There is NO CLOUD: Geeky Version
There is NO CLOUD: Geeky VersionThere is NO CLOUD: Geeky Version
There is NO CLOUD: Geeky VersionOpen Spectrum Inc
 
Hecatonchire kvm forum_2012_benoit_hudzia
Hecatonchire kvm forum_2012_benoit_hudziaHecatonchire kvm forum_2012_benoit_hudzia
Hecatonchire kvm forum_2012_benoit_hudziaBenoit Hudzia
 
Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...
Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...
Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...Yahoo Developer Network
 
Lego Cloud SAP Virtualization Week 2012
Lego Cloud SAP Virtualization Week 2012Lego Cloud SAP Virtualization Week 2012
Lego Cloud SAP Virtualization Week 2012Benoit Hudzia
 
Hadoop Successes and Failures to Drive Deployment Evolution
Hadoop Successes and Failures to Drive Deployment EvolutionHadoop Successes and Failures to Drive Deployment Evolution
Hadoop Successes and Failures to Drive Deployment EvolutionBenoit Perroud
 

Recomendados

Developing modular, polyglot applications with Spring (SpringOne India 2012)
Developing modular, polyglot applications with Spring (SpringOne India 2012)Developing modular, polyglot applications with Spring (SpringOne India 2012)
Developing modular, polyglot applications with Spring (SpringOne India 2012)Chris Richardson
 
Devoxx France 2013 Cloud Best Practices
Devoxx France 2013 Cloud Best PracticesDevoxx France 2013 Cloud Best Practices
Devoxx France 2013 Cloud Best PracticesEric Bottard
 
There is NO CLOUD: For Non-Geeks
There is NO CLOUD: For Non-GeeksThere is NO CLOUD: For Non-Geeks
There is NO CLOUD: For Non-GeeksOpen Spectrum Inc
 
There is NO CLOUD: Geeky Version
There is NO CLOUD: Geeky VersionThere is NO CLOUD: Geeky Version
There is NO CLOUD: Geeky VersionOpen Spectrum Inc
 
Hecatonchire kvm forum_2012_benoit_hudzia
Hecatonchire kvm forum_2012_benoit_hudziaHecatonchire kvm forum_2012_benoit_hudzia
Hecatonchire kvm forum_2012_benoit_hudziaBenoit Hudzia
 
Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...
Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...
Developer's Most Frequent Hadoop Headaches & How to Address Them__HadoopSumm...Yahoo Developer Network
 
Lego Cloud SAP Virtualization Week 2012
Lego Cloud SAP Virtualization Week 2012Lego Cloud SAP Virtualization Week 2012
Lego Cloud SAP Virtualization Week 2012Benoit Hudzia
 
Hadoop Successes and Failures to Drive Deployment Evolution
Hadoop Successes and Failures to Drive Deployment EvolutionHadoop Successes and Failures to Drive Deployment Evolution
Hadoop Successes and Failures to Drive Deployment EvolutionBenoit Perroud
 
Low Latency SQL on Hadoop - What's best for your cluster
Low Latency SQL on Hadoop - What's best for your clusterLow Latency SQL on Hadoop - What's best for your cluster
Low Latency SQL on Hadoop - What's best for your clusterDataWorks Summit
 
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...DATAVERSITY
 
Acus08 ASF Sponsorship
Acus08 ASF SponsorshipAcus08 ASF Sponsorship
Acus08 ASF SponsorshipJim Jagielski
 
Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messagesyarapavan
 
Randy Shoup eBays Architectural Principles
Randy Shoup eBays Architectural PrinciplesRandy Shoup eBays Architectural Principles
Randy Shoup eBays Architectural Principlesdeimos
 
The Lean Cloud for Startups with AWS - Cost Optimisation
The Lean Cloud for Startups with AWS - Cost OptimisationThe Lean Cloud for Startups with AWS - Cost Optimisation
The Lean Cloud for Startups with AWS - Cost OptimisationAmazon Web Services
 
Cloud computing bringing the dark side of enterprise apps into the light by...
Cloud computing bringing the dark side of enterprise apps into the light by...Cloud computing bringing the dark side of enterprise apps into the light by...
Cloud computing bringing the dark side of enterprise apps into the light by...Khazret Sapenov
 
Django è pronto per l'Enterprise
Django è pronto per l'EnterpriseDjango è pronto per l'Enterprise
Django è pronto per l'EnterprisePyCon Italia
 
Site Studio Fundamentals Supplemental Slides
Site Studio Fundamentals Supplemental SlidesSite Studio Fundamentals Supplemental Slides
Site Studio Fundamentals Supplemental SlidesLee Klement
 
Hadoop Summit 2012 | HBase Consistency and Performance Improvements
Hadoop Summit 2012 | HBase Consistency and Performance ImprovementsHadoop Summit 2012 | HBase Consistency and Performance Improvements
Hadoop Summit 2012 | HBase Consistency and Performance ImprovementsCloudera, Inc.
 
Stathy DevOps in MSP / MKE on IAC
Stathy DevOps in MSP / MKE on IACStathy DevOps in MSP / MKE on IAC
Stathy DevOps in MSP / MKE on IACStathy Touloumis
 
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...C2B2 Consulting
 
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure PlatformVitor Tomaz
 
How did you know this ad would be relevant for me?
How did you know this ad would be relevant for me?How did you know this ad would be relevant for me?
How did you know this ad would be relevant for me?DataWorks Summit
 
Coherence For Extreme Performance, Availablity and Scalability
Coherence For Extreme Performance, Availablity and ScalabilityCoherence For Extreme Performance, Availablity and Scalability
Coherence For Extreme Performance, Availablity and ScalabilityC2B2 Consulting
 
Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your CodeJames Wickett
 
Coding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkCoding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkJames Wickett
 
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...James Wickett
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged James Wickett
 
New Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application SecurityNew Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application SecurityJames Wickett
 
Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?James Wickett
 
Tyranny of the SLA
Tyranny of the SLATyranny of the SLA
Tyranny of the SLAJ. Paul Reed
 

Mais conteúdo relacionado

Mais procurados

Low Latency SQL on Hadoop - What's best for your cluster
Low Latency SQL on Hadoop - What's best for your clusterLow Latency SQL on Hadoop - What's best for your cluster
Low Latency SQL on Hadoop - What's best for your clusterDataWorks Summit
 
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...DATAVERSITY
 
Acus08 ASF Sponsorship
Acus08 ASF SponsorshipAcus08 ASF Sponsorship
Acus08 ASF SponsorshipJim Jagielski
 
Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messagesyarapavan
 
Randy Shoup eBays Architectural Principles
Randy Shoup eBays Architectural PrinciplesRandy Shoup eBays Architectural Principles
Randy Shoup eBays Architectural Principlesdeimos
 
The Lean Cloud for Startups with AWS - Cost Optimisation
The Lean Cloud for Startups with AWS - Cost OptimisationThe Lean Cloud for Startups with AWS - Cost Optimisation
The Lean Cloud for Startups with AWS - Cost OptimisationAmazon Web Services
 
Cloud computing bringing the dark side of enterprise apps into the light by...
Cloud computing bringing the dark side of enterprise apps into the light by...Cloud computing bringing the dark side of enterprise apps into the light by...
Cloud computing bringing the dark side of enterprise apps into the light by...Khazret Sapenov
 
Django è pronto per l'Enterprise
Django è pronto per l'EnterpriseDjango è pronto per l'Enterprise
Django è pronto per l'EnterprisePyCon Italia
 
Site Studio Fundamentals Supplemental Slides
Site Studio Fundamentals Supplemental SlidesSite Studio Fundamentals Supplemental Slides
Site Studio Fundamentals Supplemental SlidesLee Klement
 
Hadoop Summit 2012 | HBase Consistency and Performance Improvements
Hadoop Summit 2012 | HBase Consistency and Performance ImprovementsHadoop Summit 2012 | HBase Consistency and Performance Improvements
Hadoop Summit 2012 | HBase Consistency and Performance ImprovementsCloudera, Inc.
 
Stathy DevOps in MSP / MKE on IAC
Stathy DevOps in MSP / MKE on IACStathy DevOps in MSP / MKE on IAC
Stathy DevOps in MSP / MKE on IACStathy Touloumis
 
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...C2B2 Consulting
 
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure PlatformVitor Tomaz
 
How did you know this ad would be relevant for me?
How did you know this ad would be relevant for me?How did you know this ad would be relevant for me?
How did you know this ad would be relevant for me?DataWorks Summit
 
Coherence For Extreme Performance, Availablity and Scalability
Coherence For Extreme Performance, Availablity and ScalabilityCoherence For Extreme Performance, Availablity and Scalability
Coherence For Extreme Performance, Availablity and ScalabilityC2B2 Consulting
 

Mais procurados (15)

Low Latency SQL on Hadoop - What's best for your cluster
Low Latency SQL on Hadoop - What's best for your clusterLow Latency SQL on Hadoop - What's best for your cluster
Low Latency SQL on Hadoop - What's best for your cluster
 
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...
How AOL Advertising Uses NoSQL to Make Millions of Smart Targeting Decisions ...
 
Acus08 ASF Sponsorship
Acus08 ASF SponsorshipAcus08 ASF Sponsorship
Acus08 ASF Sponsorship
 
Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messages
 
Randy Shoup eBays Architectural Principles
Randy Shoup eBays Architectural PrinciplesRandy Shoup eBays Architectural Principles
Randy Shoup eBays Architectural Principles
 
The Lean Cloud for Startups with AWS - Cost Optimisation
The Lean Cloud for Startups with AWS - Cost OptimisationThe Lean Cloud for Startups with AWS - Cost Optimisation
The Lean Cloud for Startups with AWS - Cost Optimisation
 
Cloud computing bringing the dark side of enterprise apps into the light by...
Cloud computing bringing the dark side of enterprise apps into the light by...Cloud computing bringing the dark side of enterprise apps into the light by...
Cloud computing bringing the dark side of enterprise apps into the light by...
 
Django è pronto per l'Enterprise
Django è pronto per l'EnterpriseDjango è pronto per l'Enterprise
Django è pronto per l'Enterprise
 
Site Studio Fundamentals Supplemental Slides
Site Studio Fundamentals Supplemental SlidesSite Studio Fundamentals Supplemental Slides
Site Studio Fundamentals Supplemental Slides
 
Hadoop Summit 2012 | HBase Consistency and Performance Improvements
Hadoop Summit 2012 | HBase Consistency and Performance ImprovementsHadoop Summit 2012 | HBase Consistency and Performance Improvements
Hadoop Summit 2012 | HBase Consistency and Performance Improvements
 
Stathy DevOps in MSP / MKE on IAC
Stathy DevOps in MSP / MKE on IACStathy DevOps in MSP / MKE on IAC
Stathy DevOps in MSP / MKE on IAC
 
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...
Data Grids for Extreme Performance, Scalability and Availability JavaOne 2011...
 
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform
[.Net Juniors Academy] Introdução ao Cloud Computing e Windows Azure Platform
 
How did you know this ad would be relevant for me?
How did you know this ad would be relevant for me?How did you know this ad would be relevant for me?
How did you know this ad would be relevant for me?
 
Coherence For Extreme Performance, Availablity and Scalability
Coherence For Extreme Performance, Availablity and ScalabilityCoherence For Extreme Performance, Availablity and Scalability
Coherence For Extreme Performance, Availablity and Scalability
 

Destaque

Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your CodeJames Wickett
 
Coding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkCoding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkJames Wickett
 
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...James Wickett
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged James Wickett
 
New Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application SecurityNew Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application SecurityJames Wickett
 
Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?James Wickett
 
Tyranny of the SLA
Tyranny of the SLATyranny of the SLA
Tyranny of the SLAJ. Paul Reed
 

Destaque (7)

Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your Code
 
Coding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkCoding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE framework
 
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & ope...
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged
 
New Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application SecurityNew Farming Methods in the Epistemological Wasteland of Application Security
New Farming Methods in the Epistemological Wasteland of Application Security
 
Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?
 
Tyranny of the SLA
Tyranny of the SLATyranny of the SLA
Tyranny of the SLA
 

Semelhante a Adversity: Good for software

Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzJames Wickett
 
Cloud Computing & Scaling Web Apps
Cloud Computing & Scaling Web AppsCloud Computing & Scaling Web Apps
Cloud Computing & Scaling Web AppsMark Slingsby
 
Rugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOpsRugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOpsJames Wickett
 
Open Cloud Interop Public
Open Cloud Interop PublicOpen Cloud Interop Public
Open Cloud Interop Publicrvanhoe
 
Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...
Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...
Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...SQLExpert.pl
 
Dynamo Systems - QCon SF 2012 Presentation
Dynamo Systems - QCon SF 2012 PresentationDynamo Systems - QCon SF 2012 Presentation
Dynamo Systems - QCon SF 2012 PresentationShanley Kane
 
Windows Azure Platform
Windows Azure PlatformWindows Azure Platform
Windows Azure PlatformAsmTrash
 
Leveraging the Cloud: Getting the more bang for your buck
Leveraging the Cloud: Getting the more bang for your buckLeveraging the Cloud: Getting the more bang for your buck
Leveraging the Cloud: Getting the more bang for your buckDesk
 
Patterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services PlatformPatterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services PlatformDavid Chou
 
Sql server 2012 ha and dr sql saturday boston
Sql server 2012 ha and dr sql saturday bostonSql server 2012 ha and dr sql saturday boston
Sql server 2012 ha and dr sql saturday bostonJoseph D'Antoni
 
Sql Server 2012 HA and DR -- SQL Saturday Richmond
Sql Server 2012 HA and DR -- SQL Saturday RichmondSql Server 2012 HA and DR -- SQL Saturday Richmond
Sql Server 2012 HA and DR -- SQL Saturday RichmondJoseph D'Antoni
 
A Behind the Scenes Look at the Force.com Platform
A Behind the Scenes Look at the Force.com PlatformA Behind the Scenes Look at the Force.com Platform
A Behind the Scenes Look at the Force.com PlatformSalesforce Developers
 
Ram chinta hug-20120922-v1
Ram chinta hug-20120922-v1Ram chinta hug-20120922-v1
Ram chinta hug-20120922-v1Ram Chinta
 
Virtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloudVirtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloudKhazret Sapenov
 
Distributed Stream Processing on Fluentd / #fluentd
Distributed Stream Processing on Fluentd / #fluentdDistributed Stream Processing on Fluentd / #fluentd
Distributed Stream Processing on Fluentd / #fluentdSATOSHI TAGOMORI
 
Sql server 2012 ha and dr sql saturday dc
Sql server 2012 ha and dr sql saturday dcSql server 2012 ha and dr sql saturday dc
Sql server 2012 ha and dr sql saturday dcJoseph D'Antoni
 

Semelhante a Adversity: Good for software (20)

Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudz
 
Cloud Computing & Scaling Web Apps
Cloud Computing & Scaling Web AppsCloud Computing & Scaling Web Apps
Cloud Computing & Scaling Web Apps
 
Rugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOpsRugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOps
 
Open Cloud Interop Public
Open Cloud Interop PublicOpen Cloud Interop Public
Open Cloud Interop Public
 
Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...
Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...
Always On - Wydajność i bezpieczeństwo naszych danych - High Availability SQL...
 
PHP in the Cloud
PHP in the CloudPHP in the Cloud
PHP in the Cloud
 
Dynamo Systems - QCon SF 2012 Presentation
Dynamo Systems - QCon SF 2012 PresentationDynamo Systems - QCon SF 2012 Presentation
Dynamo Systems - QCon SF 2012 Presentation
 
Cloud taxonomy yong kigkeat
Cloud taxonomy yong kigkeatCloud taxonomy yong kigkeat
Cloud taxonomy yong kigkeat
 
Windows Azure Platform
Windows Azure PlatformWindows Azure Platform
Windows Azure Platform
 
Leveraging the Cloud: Getting the more bang for your buck
Leveraging the Cloud: Getting the more bang for your buckLeveraging the Cloud: Getting the more bang for your buck
Leveraging the Cloud: Getting the more bang for your buck
 
Gearman
GearmanGearman
Gearman
 
Patterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services PlatformPatterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services Platform
 
Sql server 2012 ha and dr sql saturday boston
Sql server 2012 ha and dr sql saturday bostonSql server 2012 ha and dr sql saturday boston
Sql server 2012 ha and dr sql saturday boston
 
Sql Server 2012 HA and DR -- SQL Saturday Richmond
Sql Server 2012 HA and DR -- SQL Saturday RichmondSql Server 2012 HA and DR -- SQL Saturday Richmond
Sql Server 2012 HA and DR -- SQL Saturday Richmond
 
A Behind the Scenes Look at the Force.com Platform
A Behind the Scenes Look at the Force.com PlatformA Behind the Scenes Look at the Force.com Platform
A Behind the Scenes Look at the Force.com Platform
 
Ram chinta hug-20120922-v1
Ram chinta hug-20120922-v1Ram chinta hug-20120922-v1
Ram chinta hug-20120922-v1
 
Virtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloudVirtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloud
 
Distributed Stream Processing on Fluentd / #fluentd
Distributed Stream Processing on Fluentd / #fluentdDistributed Stream Processing on Fluentd / #fluentd
Distributed Stream Processing on Fluentd / #fluentd
 
Liferay and Cloud
Liferay and CloudLiferay and Cloud
Liferay and Cloud
 
Sql server 2012 ha and dr sql saturday dc
Sql server 2012 ha and dr sql saturday dcSql server 2012 ha and dr sql saturday dc
Sql server 2012 ha and dr sql saturday dc
 

Mais de James Wickett

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREJames Wickett
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREJames Wickett
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldJames Wickett
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessJames Wickett
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleJames Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019James Wickett
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsJames Wickett
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsJames Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneJames Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpJames Wickett
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019James Wickett
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOpJames Wickett
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS LaneJames Wickett
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldJames Wickett
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018James Wickett
 

Mais de James Wickett (20)

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
 

Último

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Último (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Adversity: Good for software

  • 2. @wickett • Cloud Ops Team Lead, @NIGlobal • Tags: Rugged DevOps, OWASP, Cloud, Ruby • Blogger at ruggeddevops.org, blog.wickett.me, and theagileadmin.com • Founder of LASCON (http://lascon.org) • Security certs: CISSP, GWAPT, CCSK, ... • t: @wickett | e: james@wickett.me
  • 4. Adversity Real or perceived negative actions and events that prohibit normal function and operation.
  • 5. People Involved • Developers • Regular customers • Operations • Evil customers • Security • Hackers • Business
  • 6. Adversity Actors • Malicious intent, targeted • Malicious intent, random • Neutral intent, targeted • Neutral intent, random • No intent, random
  • 7. Ruggedization Theory Building solutions to handle adversity actors will cause unintended, positive benefits that will provide value that would have been unrealized otherwise.
  • 8. Adversity fueled innovation • NASA in Space • Military hard drives • ATMs in Europe
  • 9. "Secondly, our network got a lot stronger as a result of the LulzSec attacks." -Surviving Lulz: Behind the Scenes of LulzSec @SXSW 2012
  • 10. “The phone isn't going to kill you if use it, but a car... well, we don't want code to crash your car.” -Auto Meets Mobile: Building In-Vehicle Apps @SXSW 2012
  • 11. Software needs to face adversity head on
  • 12. Software needs to be rugged to succeed
  • 19. The Internets is Mean • Latency • Distribution • Anonymity • Varied protocols • People
  • 21.
  • 22.
  • 23. Rugged Software Manifesto
  • 24. I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
  • 25. I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.
  • 26. I am rugged, not because it is easy, but because it is necessary... and I am up for the challenge.
  • 27. Security vs. Rugged • Absence of • Verification of Events quality • Cost • Benefit • Negative • Positive • FUD • Known values • Toxic • Affirming
  • 28. Ruggedization Theory Building solutions to handle adversity actors will cause unintended, positive benefits that will provide value that would have been unrealized otherwise.
  • 29. No Pain, No Gain
  • 30.
  • 31.
  • 32.
  • 33. Rugged-ities • Maintainability • Availability • Survivability • Defensibility • Security • Longevity • Portability • Reliability
  • 34. If you want to build a ship, don't drum up people together to collect wood and don't assign them tasks and work, but rather teach them to long for the endless immensity of the sea - Antoine Jean-Baptiste Marie Roger de Saint Exupéry
  • 36. It’s not our problem anymore
  • 37. Why do you see the speck that is in your brother’s eye, but do not notice the log that is in your own eye? - Jesus
  • 38. source: Gene Kim, “When IT says No @SXSW 2012”
  • 40. Security sees... • They feel they are the constant givers of unheeded advice • Business decisions made w/o worry of risk • Irrelevancy in the organization • They are the bearer of bad news • Even their tribe ignores them • Inequitable distribution of labor
  • 41. the devops model is broken incomplete
  • 43. RUGGED source: Jessica Allen, http://drbl.in/bgwy
  • 44. Rugged DevOps • repeatable – no manual errors • reliable - tested integration APIs • reviewable – model in source control • rapid – fast to build, provision, deploy • resilient – automated reconfiguration to swap servers (throw away infrastructure)
  • 45. Rugged Applied Goal: Cloud Firewalls • Make every service/node/instance a DMZ • Cloud environment • 3-tier web architecture • Facilitate automated provisioning
  • 46. Traditional (non-cloud) 3-Tier Web Architecture Firewall Web Web Web DMZ 1 Firewall Middle Tier Middle Tier DMZ 2 Firewall DB LDAP DMZ 3
  • 47. Rugged Cloud Architecture firewall firewall firewall Web Web Web DMZ x3 firewall firewall Middle Tier Middle Tier DMZ x2 firewall firewall DB LDAP DMZ x3
  • 48. Benefits firewall firewall firewall Web Web Web Repeatable Verifiable firewall firewall Middle Tier Middle Tier Prod/Dev/Test Matching firewall firewall DB LDAP Controlled Automated firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall DB LDAP DB LDAP
  • 49. and it grows to look something like this...
  • 50. firewall firewall firewall firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web Web Web Web firewall firewall firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall firewall firewall DB LDAP DB LDAP DB LDAP firewall firewall firewall firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web Web Web Web firewall firewall firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall firewall firewall DB LDAP DB LDAP DB LDAP firewall firewall firewall firewall firewall firewall firewall firewall firewall Web Web Web Web Web Web Web Web Web firewall firewall firewall firewall firewall firewall Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier Middle Tier firewall firewall firewall firewall firewall firewall DB LDAP DB LDAP DB LDAP
  • 51. Rugged Benefits • Control and traffic whitelisting • Config Management • Reproducible and Automated • Data can’t traverse environments accidentally • Dev and Test Tier accurate
  • 52. Rugged DevOps Next Steps • Build a Rugged DevOps team: Dev, Ops, Security • Implement a chaos monkey • Track security flaws or bugs in the same bug tracking system for development • Automate, track results, repeat • Join the RDO movement!
  • 53. Want to help me? • Upcoming book: Rugged Driven Development: Building Software in an Adversity Fueled Environment (will live at ruggeddev.com) • Open Source Project: Gauntlet on github at github.com/wickett/gauntlet • I need contributors and reviewers! • Contact me: @wickett
  • 54. Join Rugged DevOps! • Twitter: @ruggeddevops • Get involved in the movement • http://join.ruggeddevops.org