Enviar pesquisa
Carregar
Implementing DevOps in a Regulated Environment - DJ Schleen
•
0 gostou
•
1,516 visualizações
S
SeniorStoryteller
Seguir
DevOps Connect: DevSecOps Edition at RSAC 2017
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 18
Baixar agora
Baixar para ler offline
Recomendados
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
SeniorStoryteller
Ops Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon Edwards
SeniorStoryteller
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
SeniorStoryteller
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
SeniorStoryteller
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged Software
SeniorStoryteller
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
Amazon Web Services
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
Recomendados
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
SeniorStoryteller
Ops Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon Edwards
SeniorStoryteller
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
SeniorStoryteller
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
SeniorStoryteller
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged Software
SeniorStoryteller
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
Amazon Web Services
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
DevSecOps - The big picture
DevSecOps - The big picture
DevSecOpsSg
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
James Wickett
Benefits of DevSecOps
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
Sonatype
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
SeniorStoryteller
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
James Wickett
DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
WhiteSource
DevSecOps for the DoD
DevSecOps for the DoD
JamesHarmison
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
Qualitest
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all Equifax
Sonatype
PIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
PIACERE
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
DevOps or DevSecOps
DevOps or DevSecOps
Michelangelo van Dam
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
Tushar Gupta
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident Management
ShriniKulkarni
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
Michael Man
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
SeniorStoryteller
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
SeniorStoryteller
Mais conteúdo relacionado
Mais procurados
DevSecOps - The big picture
DevSecOps - The big picture
DevSecOpsSg
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
James Wickett
Benefits of DevSecOps
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
Sonatype
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
SeniorStoryteller
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
James Wickett
DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
WhiteSource
DevSecOps for the DoD
DevSecOps for the DoD
JamesHarmison
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
Qualitest
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all Equifax
Sonatype
PIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
PIACERE
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
DevOps or DevSecOps
DevOps or DevSecOps
Michelangelo van Dam
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
Tushar Gupta
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident Management
ShriniKulkarni
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
Michael Man
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
Mais procurados
(20)
DevSecOps - The big picture
DevSecOps - The big picture
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
Benefits of DevSecOps
Benefits of DevSecOps
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
DevSecOps 101
DevSecOps 101
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
DevSecOps for the DoD
DevSecOps for the DoD
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all Equifax
PIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
DevOps or DevSecOps
DevOps or DevSecOps
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident Management
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
Destaque
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
SeniorStoryteller
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
SeniorStoryteller
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
SeniorStoryteller
Breaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John Willis
SeniorStoryteller
Building Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh Raghavan
SeniorStoryteller
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
SeniorStoryteller
DevOps and IT security
DevOps and IT security
ch.osme
DevOps in a Regulated and Embedded Environment (AgileDC)
DevOps in a Regulated and Embedded Environment (AgileDC)
Arjun Comar
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Puppet
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
IBM Security
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
Integrating DevOps and Security
Integrating DevOps and Security
Stijn Muylle
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
Xebia Masterclass Better-Faster-Smarter-with-DevOps
Xebia Masterclass Better-Faster-Smarter-with-DevOps
Andja Bratić
7 habits for success with enterprise/IT architecture [in Dutch]
7 habits for success with enterprise/IT architecture [in Dutch]
Rik Farenhorst
Evergent case study
Evergent case study
Ravi Ganamukhi
The R.O.A.D to DevOps
The R.O.A.D to DevOps
SeniorStoryteller
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
Perforce
2016 - IGNITE - Real Heroes Draw Pictures
2016 - IGNITE - Real Heroes Draw Pictures
devopsdaysaustin
Destaque
(20)
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
Breaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John Willis
Building Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh Raghavan
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
DevOps and IT security
DevOps and IT security
DevOps in a Regulated and Embedded Environment (AgileDC)
DevOps in a Regulated and Embedded Environment (AgileDC)
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Integrating DevOps and Security
Integrating DevOps and Security
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Xebia Masterclass Better-Faster-Smarter-with-DevOps
Xebia Masterclass Better-Faster-Smarter-with-DevOps
7 habits for success with enterprise/IT architecture [in Dutch]
7 habits for success with enterprise/IT architecture [in Dutch]
Evergent case study
Evergent case study
The R.O.A.D to DevOps
The R.O.A.D to DevOps
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
2016 - IGNITE - Real Heroes Draw Pictures
2016 - IGNITE - Real Heroes Draw Pictures
Semelhante a Implementing DevOps in a Regulated Environment - DJ Schleen
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
Amazon Web Services
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
DevOps.com
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
Deborah Schalm
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspective
Colin Domoney
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien Harisen
Nadira Bajrei
Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017
Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017
Amazon Web Services
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
MobibizIndia1
Devops
Devops
penetration Tester
DevOps for the DBA- Jax Style!
DevOps for the DBA- Jax Style!
Kellyn Pot'Vin-Gorman
Security Spotlight: Presidio
Security Spotlight: Presidio
Alert Logic
DevOps vs DevSecOps: How to Balance Speed and Security in Software Development
DevOps vs DevSecOps: How to Balance Speed and Security in Software Development
Dev Software
New DevOps for the DBA
New DevOps for the DBA
Kellyn Pot'Vin-Gorman
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for Enterprise
Opsta
DevSecOps-Explained-converted.pptx
DevSecOps-Explained-converted.pptx
Gurajalanaganarasimh
DevSecOps on Azure
DevSecOps on Azure
Seven Peaks Speaks
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
DevOps.com
Our journey from manual deployment on data center
Our journey from manual deployment on data center
AgileSparks
Large-Scale Enterprise Platform Transformation with Microservices, DevOps, an...
Large-Scale Enterprise Platform Transformation with Microservices, DevOps, an...
VMware Tanzu
DevOps: Security's Big Opportunity
DevOps: Security's Big Opportunity
Timothy Jarrett
Semelhante a Implementing DevOps in a Regulated Environment - DJ Schleen
(20)
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspective
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien Harisen
Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017
Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Devops
Devops
DevOps for the DBA- Jax Style!
DevOps for the DBA- Jax Style!
Security Spotlight: Presidio
Security Spotlight: Presidio
DevOps vs DevSecOps: How to Balance Speed and Security in Software Development
DevOps vs DevSecOps: How to Balance Speed and Security in Software Development
New DevOps for the DBA
New DevOps for the DBA
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for Enterprise
DevSecOps-Explained-converted.pptx
DevSecOps-Explained-converted.pptx
DevSecOps on Azure
DevSecOps on Azure
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Our journey from manual deployment on data center
Our journey from manual deployment on data center
Large-Scale Enterprise Platform Transformation with Microservices, DevOps, an...
Large-Scale Enterprise Platform Transformation with Microservices, DevOps, an...
DevOps: Security's Big Opportunity
DevOps: Security's Big Opportunity
Mais de SeniorStoryteller
NuGet Package Management Done Right
NuGet Package Management Done Right
SeniorStoryteller
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
SeniorStoryteller
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
SeniorStoryteller
Heroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps Transformations
SeniorStoryteller
Rugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for Success
SeniorStoryteller
Create Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply Chain
SeniorStoryteller
Aligning Your Team and Your Powers for Success
Aligning Your Team and Your Powers for Success
SeniorStoryteller
Leveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOps
SeniorStoryteller
The DevOps Hero Toolkit: Nexus, Jenkins and Docker
The DevOps Hero Toolkit: Nexus, Jenkins and Docker
SeniorStoryteller
Guns, Germs and Microservices w/ John Willis and Josh Corman
Guns, Germs and Microservices w/ John Willis and Josh Corman
SeniorStoryteller
What We Learned from Three Years of Sciencing the Crap Out of DevOps
What We Learned from Three Years of Sciencing the Crap Out of DevOps
SeniorStoryteller
Release Engineering and Rugged DevOps: An Intersection?
Release Engineering and Rugged DevOps: An Intersection?
SeniorStoryteller
Ops Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller
What We Learned from Three Years of Sciencing the Crap Out of DevOps
What We Learned from Three Years of Sciencing the Crap Out of DevOps
SeniorStoryteller
The Journey to DevSecOps
The Journey to DevSecOps
SeniorStoryteller
Building Security Controls around Attack Models
Building Security Controls around Attack Models
SeniorStoryteller
Mais de SeniorStoryteller
(16)
NuGet Package Management Done Right
NuGet Package Management Done Right
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Heroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps Transformations
Rugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for Success
Create Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply Chain
Aligning Your Team and Your Powers for Success
Aligning Your Team and Your Powers for Success
Leveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOps
The DevOps Hero Toolkit: Nexus, Jenkins and Docker
The DevOps Hero Toolkit: Nexus, Jenkins and Docker
Guns, Germs and Microservices w/ John Willis and Josh Corman
Guns, Germs and Microservices w/ John Willis and Josh Corman
What We Learned from Three Years of Sciencing the Crap Out of DevOps
What We Learned from Three Years of Sciencing the Crap Out of DevOps
Release Engineering and Rugged DevOps: An Intersection?
Release Engineering and Rugged DevOps: An Intersection?
Ops Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the Way
What We Learned from Three Years of Sciencing the Crap Out of DevOps
What We Learned from Three Years of Sciencing the Crap Out of DevOps
The Journey to DevSecOps
The Journey to DevSecOps
Building Security Controls around Attack Models
Building Security Controls around Attack Models
Último
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
hans926745
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
lior mazor
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Último
(20)
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Implementing DevOps in a Regulated Environment - DJ Schleen
1.
Quality health plans & benefits Healthier living Financial well-being Intelligent solutions DJ Schleen February 13, 2017 Implementing DevOps in a Regulated Environment @dschleen
2.
© 2017 Aetna Inc. 2
3.
© 2017 Aetna Inc. 3
4.
© 2017 Aetna Inc. Let’s bust out some walls and install some windows… 4
5.
© 2017 Aetna Inc. The Aetna Landscape The seeds of DevOps are germinating everywhere • 3,500+ Developers • 1,500+ Applications •
Multiple deployment platforms and development languages • Robust software security program and training programs • Formerly a “waterfall” organization, but evolving people and resources to support DevOps • Mature DevOps practices in some facets of the organization and subsidiaries • Evolving legacy apps to support microservice design principles and containerization 5
6.
© 2017 Aetna Inc. The Aetna Journey • The evolution of our SDLC from Waterfall to DevOps • Integration of our Software Security Program into our CI/CD Process, Specifically: ─
Automated Static Code Analysis ─ Container Vulnerability Scanning ─ Identifying and remediating AWS Security Risk • How we measure ourselves and map security controls to compliance • Observations and benefits of DevOps/DevSecOps • Constantly learning, improving, and re-evaluating 6
7.
© 2017 Aetna Inc. Aetna’s Traditional Approach 7 Requirements Design Development
Test Production 1. Set project expectations: secure from the start (per archetype) 2. Define security blueprints: Archetype specific patterns and secure-by-design components Identification & proactive protection against security vulnerabilities in production Conduct application security testing on deployed configurations PREVENTATIVE DETECTIVEStatic Analysis Dynamic Assessment Security Libraries & Frameworks Threat Modeling Ex: All data input by users must be validated Assets Attack Vectors Threats Threat-Based Pen Test Open Source Analysis Application Risk Classification Security Requirement Definition Software Security Training (Role-Based Curriculum) PRODUCTION Continuous Perimeter Assessment Web Application Firewalls Secure Coding Guidelines Automated Attack/Bot Defense Secure Application Design
8.
© 2017 Aetna Inc. • Automation/Tool Integration • Transparency •
Increased Collaboration • Consistent Adoption • Continual Feedback • Remediation Efficiency • Release Gating • Resiliency & Scalability (Microservices/Containers) 8 DevOps and Security – an Unprecedented Opportunity
9.
© 2017 Aetna Inc. 9 Role Based Software Security Training DevOps/Security Program Integrated Requirements & Design Dev CI Interval Triggered Assessments Production Static
Analysis (CI) Dynamic Assessment Container Security Scanning (CI) Static Analysis (IDE) Threat-Based Pen TestOpen Source Governance(CI) Application Risk Classification Security Requirement Definition Security Mavens (Security-Trained Developers and Operations) Perimeter Assessment Web Application Firewalls Automated Attack/Bot Defense Container Security Management Preventative Detective Detailed manual assessments triggered automatically at appropriate interval; detached from release cycle Lightweight threat modeling approach AEFW/Secure Libraries Iterative, Automated, Efficient Secure Coding Standards Threat Modeling Application Red Team Continuous Monitoring, Analytics, and KPI Gathering SCM
10.
© 2017 Aetna Inc. Check In Commit or Pull Request Successful Build Security Scan Feedback Code Feature Static Code Analysis and Gated Check-ins 10 Goal: Improve Code Security • Move to a fully integrated and automated state •
Push SCA to the build platform and triggered with commits/merges • Use thresholds to “stop the bleeding” • Measure defect density (1 high vulnerability in 10000 LOC) • Automate threshold reduction as vulnerabilities in code decreased • Be as unobtrusive as possible to developers • Mandatory Security Control Thresholds
11.
© 2017 Aetna Inc. Container Vulnerability Scanning Goal: Ensure our Containers are current and vulnerability free • Use CIS Docker Benchmarks as a guideline • Initially attempted to script and automate the audit checks •
Identified commercial software to provide: ─ Automated CIS Docker Benchmark checks ─ Container and repository vulnerability scanning ─ Security policy enforcement ─ Runtime policy enforcement ─ Real-time threat intelligence ─ Specific guidance for HIPPA Compliance • Mandatory for any container host deployed enterprise wide 11
12.
© 2017 Aetna Inc. AWS Infrastructure Risk Goal: Identify and Reduce AWS Infrastructure Risk • Use CIS AWS Foundations Benchmarks as a guideline • Initially scripted and automated the checks via AWS CLI •
Moved to a vendor provided platform that streamlines and optimizes vulnerability and risk management for AWS • Continuously monitor our configured AWS accounts • Automatically identify security misconfigurations • Rapidly mitigate risk through guided remediation • Mandatory for any Aetna or Affiliate AWS account 12
13.
© 2017 Aetna Inc. 13 • Gather relevant and measureable KPIs –
Example: Defect Density • Trend your performance to see where you’ve been and project where you are going • Use information to strengthen the confidence in the process • Whenever applicable, map process and infrastructure checks to compliance requirements (HIPPA, PCI) Turn Information into Understanding
14.
© 2017 Aetna Inc. Observations and Benefits of DevSecOps • Consistent application of security controls across all builds, applications & releases • Decrease in Defect Density from 1.0
to 0.1 • Increase in the security integrity of applications • Increase in remediation efficiency through continuous feedback • Release gating/security gating • Rapid deployment/increased speed to market • Increase in efficiency & scalability (microservices) 14
15.
© 2017 Aetna Inc. Challenges Moving to DevOps • Evolving the culture and habits of 3,500+ developers • Multiple “flavors” of DevOps in different parts of the organization •
Security tool integration in a manner that supports objectives for actionable continuous feedback • What is the best approach for integrating threat modeling and manual assessments into the lifecycle without impacting CD objectives? 15
16.
© 2017 Aetna Inc. Takeaways • Find out where DevOps is happening in your organization • Identify where security controls can be injected •
Enhance the process with Security, don’t be an impediment • Turn information into understanding and measure success • Learn, Expand, Improve, Repeat 16
17.
© 2017 Aetna Inc. Thank you @dschleen
18.
© 2017 Aetna Inc. 18
Baixar agora