SlideShare uma empresa Scribd logo

DevSecOps: Security at the Speed of DevOp

Transferir como PPTX, PDF
VMware Tanzu
VMware Tanzu

SpringOne Platform 2018 DevSecOps: Security at the Speed of DevOp Larry Maccherone, Comcast

Software
1 de 27
LinkedIn.com/in/LarryMaccherone Security at the Speed of Software Development A lean/agile transformation approach to achieving a DevSecOps culture Larry Maccherone LinkedIn.com/in/LarryMaccherone
LinkedIn.com/in/LarryMaccherone Only 21% of [companies] believe that their organization's present culture and practices support collaboration across development, operations and security. ~Freeform Dynamics (IT industry analyst)
LinkedIn.com/in/LarryMaccherone Larry Maccherone Larry_Maccherone@Comcast.com Larry Maccherone LinkedIn.com/in/LarryMaccherone
LinkedIn.com/in/LarryMaccherone Dev[Sec]Ops is… empowered engineering teams taking ownership of how their product performs in production [including security]
Dev[Sec]Ops  different decisions
LinkedIn.com/in/LarryMaccherone Dev[Sec]Ops Results • Dramatically faster time to market  happier customers  more revenue • 5x lower rate of failures caused by changes1 • 96x faster recovery from downtime failures1 It’s scary to QA and Security, but “moving fast and breaking things” leads to dramatically lower rates of customer experienced defects and vulnerabilities 1Puppet’s 2017 State of DevOps Report
What is Software Security?
LinkedIn.com/in/LarryMaccherone When you say “security” to a developer, he/she thinks… Authentication & authorization Encryption
LinkedIn.com/in/LarryMaccherone The bad guys… Don’t attack the bank vault door (breaking auth/encryption) They try to bust through the walls (vulnerabilities in the non-security parts of your code)
Build-security-in
Software security puts focus on the bank vault walls
DevSecOps puts focus on the people, practices, and tools used to build the bank vault walls
Security practices on DevOps continuum  DevSecOps • Static/IAST analysis • Abuse case tests • Code review • Interrupt-the-pipeline code analysis • Threat modeling  backlog items • Analyze/Predict  backlog items • Design complies with policy? • Test security features • Common abuse cases • Pen testing (Vuls found  Test scripts) • Compliance validation (PCI, etc.) • Fuzzing • If we do X will it mitigate Y? • Capacity forecasting • Learning  Update playbooks and Training • Configuration validation • Feature toggles/Traffic shaping configuration • Secrets management • Log information for after-incident analysis • Intrusion detection • App attack detection • Restore/maintain service for non-attack usage • RASP auto respond • Roll-back or toggle off • Block attacker • Shut down services • Analysis  Learning • Defect/Incident 3-step • New attack surface? Plan to update threat model
That’s a lot of stuff! How do we get engineering teams to adopt?
A 3-part framework for adopting new practices and Dev[Sec]Ops culture change
1 Win the hearts and minds of developers
LinkedIn.com/in/LarryMaccherone Lack of TRUST between dev teams and security teams
Build security in more than bolt it on Rely on empowered engineering teams more than security specialists Implement features securely more than security features Rely on continuous learning more than end-of-phase gates Build on culture change more than policy enforcement DevSecOpsManifestoComcastSDL GuidingPrinciples
We, the Security Team… Recognize that Engineering Teams… • Want to do the right thing • Are closer to the business context and will make smart trade-off decisions between security and other risks • Want information and assistance so they can improve our security posture Pledge to… • Lower the cost/effort side of any investment in developer security tools or practices • Assist 2x as much with preventative initiatives as we beg for your assistance reacting to security incidents Understand that… • We are no longer gate keepers but rather tool-smiths and advisors
Credibility + Reliability + Empathy Trust = ———————————————— Apparent self-interest https://www.devsecopsdays.com/articles/trust-algorithm-applied-to-devsecops
2 Easy for dev teams to know what the right thing is and easy to do it
DevSecOps self-assessment
After self-assessment ask the team to pick some to turn dark(er) green in the next quarter
3 Management gets: Transparency of rollout status A mechanism to set goals
LinkedIn.com/in/LarryMaccherone Visualizing an org’s Dev[Sec]Ops practices
Many DevSecOps tools are just DevOps lipstick on a traditional tool pig DevSecOps tools talk Tomorrow 12:30-1pm Woodrow Wilson A
LinkedIn.com/in/LarryMaccherone What’s next? • DevSecOps tools talk tomorrow 12:30-1pm – Woodrow Wilson A • Read about the Trust Algorithm https://www.devsecopsdays.com/articles/ trust-algorithm-applied-to-devsecops • Connect with me LinkedIn.com/in/LarryMaccherone • Rate the talk in your app • Questions?

Recomendados

Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
VMware Tanzu
 
Wisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows AzureWisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows Azure
Wade Wegner
 
Enterprise Java on Azure: From Java EE to Spring, we have you covered
Enterprise Java on Azure: From Java EE to Spring, we have you coveredEnterprise Java on Azure: From Java EE to Spring, we have you covered
Enterprise Java on Azure: From Java EE to Spring, we have you covered
Ed Burns
 
VMware - Snapshot sessions - Deploy and manage tomorrow's applications today
VMware - Snapshot sessions - Deploy and manage tomorrow's applications todayVMware - Snapshot sessions - Deploy and manage tomorrow's applications today
VMware - Snapshot sessions - Deploy and manage tomorrow's applications today
AnnSteyaert_vmware
 
Introduction to Spring Cloud Kubernetes
Introduction to Spring Cloud Kubernetes Introduction to Spring Cloud Kubernetes
Introduction to Spring Cloud Kubernetes
VMware Tanzu
 
How you as an ISV can build your app for the Azure Marketplace and have it sy...
How you as an ISV can build your app for the Azure Marketplace and have it sy...How you as an ISV can build your app for the Azure Marketplace and have it sy...
How you as an ISV can build your app for the Azure Marketplace and have it sy...
Microsoft Tech Community
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
VMware Tanzu
 
Continuous Delivery with CloudBees Core
Continuous Delivery with CloudBees CoreContinuous Delivery with CloudBees Core
Continuous Delivery with CloudBees Core
Bhavani Rao
 

Recomendados

Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
VMware Tanzu
 
Wisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows AzureWisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows Azure
Wade Wegner
 
Enterprise Java on Azure: From Java EE to Spring, we have you covered
Enterprise Java on Azure: From Java EE to Spring, we have you coveredEnterprise Java on Azure: From Java EE to Spring, we have you covered
Enterprise Java on Azure: From Java EE to Spring, we have you covered
Ed Burns
 
VMware - Snapshot sessions - Deploy and manage tomorrow's applications today
VMware - Snapshot sessions - Deploy and manage tomorrow's applications todayVMware - Snapshot sessions - Deploy and manage tomorrow's applications today
VMware - Snapshot sessions - Deploy and manage tomorrow's applications today
AnnSteyaert_vmware
 
Introduction to Spring Cloud Kubernetes
Introduction to Spring Cloud Kubernetes Introduction to Spring Cloud Kubernetes
Introduction to Spring Cloud Kubernetes
VMware Tanzu
 
How you as an ISV can build your app for the Azure Marketplace and have it sy...
How you as an ISV can build your app for the Azure Marketplace and have it sy...How you as an ISV can build your app for the Azure Marketplace and have it sy...
How you as an ISV can build your app for the Azure Marketplace and have it sy...
Microsoft Tech Community
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
VMware Tanzu
 
Continuous Delivery with CloudBees Core
Continuous Delivery with CloudBees CoreContinuous Delivery with CloudBees Core
Continuous Delivery with CloudBees Core
Bhavani Rao
 
Enterprise Application Migration
Enterprise Application MigrationEnterprise Application Migration
Enterprise Application Migration
VMware Tanzu
 
Is Private Cloud Right for Your Organization
Is Private Cloud Right for Your OrganizationIs Private Cloud Right for Your Organization
Is Private Cloud Right for Your Organization
Dave Roberts
 
Achieving DevSecOps Outcomes with Tanzu Advanced - Spanish
Achieving DevSecOps Outcomes with Tanzu Advanced - SpanishAchieving DevSecOps Outcomes with Tanzu Advanced - Spanish
Achieving DevSecOps Outcomes with Tanzu Advanced - Spanish
VMware Tanzu
 
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
VMware Tanzu
 
Governance for your Modern Application Platform - November 4, 2020
Governance for your Modern Application Platform - November 4, 2020Governance for your Modern Application Platform - November 4, 2020
Governance for your Modern Application Platform - November 4, 2020
VMware Tanzu
 
Cloud-native Data
Cloud-native DataCloud-native Data
Cloud-native Data
cornelia davis
 
Pivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October ReleasePivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October Release
VMware Tanzu
 
Cloud Native DevOps
Cloud Native DevOpsCloud Native DevOps
Cloud Native DevOps
Jim Bugwadia
 
Tanzu Standard
Tanzu StandardTanzu Standard
Tanzu Standard
VMware Tanzu
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
DevOps.com
 
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Novell
 
Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021
VMware Tanzu
 
Continuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentContinuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform Environment
VMware Tanzu
 
Getting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced TeamsGetting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced Teams
VMware Tanzu
 
Kubernetes on vSphere Presentation- July 23, 2020
Kubernetes on vSphere Presentation- July 23, 2020Kubernetes on vSphere Presentation- July 23, 2020
Kubernetes on vSphere Presentation- July 23, 2020
VMware Tanzu
 
StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...
StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...
StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...
Jon Su
 
vSphere7 with Tanzu
vSphere7 with Tanzu vSphere7 with Tanzu
vSphere7 with Tanzu
VMware Tanzu
 
Enable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareEnable DevSecOps using JIRA Software
Enable DevSecOps using JIRA Software
AUGNYC
 
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
confluent
 
Welcome to the Metrics
Welcome to the MetricsWelcome to the Metrics
Welcome to the Metrics
VMware Tanzu
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
YoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 

Mais conteúdo relacionado

Mais procurados

Cloud-native Data
Cloud-native DataCloud-native Data
Cloud-native Data
cornelia davis
 
Pivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October ReleasePivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October Release
VMware Tanzu
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
DevOps.com
 
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
confluent
 

Mais procurados (20)

Enterprise Application Migration
Enterprise Application MigrationEnterprise Application Migration
Enterprise Application Migration
 
Is Private Cloud Right for Your Organization
Is Private Cloud Right for Your OrganizationIs Private Cloud Right for Your Organization
Is Private Cloud Right for Your Organization
 
Achieving DevSecOps Outcomes with Tanzu Advanced - Spanish
Achieving DevSecOps Outcomes with Tanzu Advanced - SpanishAchieving DevSecOps Outcomes with Tanzu Advanced - Spanish
Achieving DevSecOps Outcomes with Tanzu Advanced - Spanish
 
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
 
Governance for your Modern Application Platform - November 4, 2020
Governance for your Modern Application Platform - November 4, 2020Governance for your Modern Application Platform - November 4, 2020
Governance for your Modern Application Platform - November 4, 2020
 
Cloud-native Data
Cloud-native DataCloud-native Data
Cloud-native Data
 
Pivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October ReleasePivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October Release
 
Cloud Native DevOps
Cloud Native DevOpsCloud Native DevOps
Cloud Native DevOps
 
Tanzu Standard
Tanzu StandardTanzu Standard
Tanzu Standard
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
 
Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021
 
Continuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentContinuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform Environment
 
Getting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced TeamsGetting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced Teams
 
Kubernetes on vSphere Presentation- July 23, 2020
Kubernetes on vSphere Presentation- July 23, 2020Kubernetes on vSphere Presentation- July 23, 2020
Kubernetes on vSphere Presentation- July 23, 2020
 
StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...
StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...
StripeCon 2021: A Cloud-Native approach to running Silverstripe on Google Clo...
 
vSphere7 with Tanzu
vSphere7 with Tanzu vSphere7 with Tanzu
vSphere7 with Tanzu
 
Enable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareEnable DevSecOps using JIRA Software
Enable DevSecOps using JIRA Software
 
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
Deploying Kafka on vSphere with Kubernetes Using the Confluent Operator (Just...
 
Welcome to the Metrics
Welcome to the MetricsWelcome to the Metrics
Welcome to the Metrics
 

Semelhante a DevSecOps: Security at the Speed of DevOp

Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
Michael Hidalgo
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
Aaron Rinehart
 
DevOps and Devsecops- What are the Differences.
DevOps and Devsecops- What are the Differences.DevOps and Devsecops- What are the Differences.
DevOps and Devsecops- What are the Differences.
Techugo
 

Semelhante a DevSecOps: Security at the Speed of DevOp (20)

Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
 
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
 
Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?
 
Devsec ops
Devsec opsDevsec ops
Devsec ops
 
Why is The IT industry moving towards a DevSecOps approach?
Why is The IT industry moving towards a DevSecOps approach?Why is The IT industry moving towards a DevSecOps approach?
Why is The IT industry moving towards a DevSecOps approach?
 
Developer Velocity
Developer VelocityDeveloper Velocity
Developer Velocity
 
State of DevSecOps - GTACS 2019
State of DevSecOps - GTACS 2019State of DevSecOps - GTACS 2019
State of DevSecOps - GTACS 2019
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
 
DevSecOpsMaturityModel.pdf
DevSecOpsMaturityModel.pdfDevSecOpsMaturityModel.pdf
DevSecOpsMaturityModel.pdf
 
A journey from dev ops to devsecops
A journey from dev ops to devsecopsA journey from dev ops to devsecops
A journey from dev ops to devsecops
 
MS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference ArchitectureMS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference Architecture
 
The Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docxThe Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docx
 
DevOps and Devsecops- What are the Differences.
DevOps and Devsecops- What are the Differences.DevOps and Devsecops- What are the Differences.
DevOps and Devsecops- What are the Differences.
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 

Mais de VMware Tanzu

Mais de VMware Tanzu (20)

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About It
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at Scale
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a Product
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready Apps
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And Beyond
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - French
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - English
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - English
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - French
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
 

Último

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 

Último (20)

%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 

DevSecOps: Security at the Speed of DevOp

Notas do Editor

  1. Add a step to the threat modeling row for how well they are doing it. Risk driven.
  2. We need a way to tie into the org leadership to get their input on what they want to do next. This visualization is fine, but we need an engagement model for execs and other management layers.