SlideShare uma empresa Scribd logo

FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative - Nicolas Chaillan, Chief Software Officer, U.S. Air Force

S
scoopnewsgroup

DOD Enterprise DevSecOps Initiative Nicolas Chaillan, Chief Software Officer, U.S. Air Force

Tecnologia
1 de 23
Baixar para ler offline
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Headquarters U.S. Air Force Mr. Nicolas Chaillan Chief Software Officer, U.S. Air Force Co-Lead, DoD Enterprise DevSecOps Initiative v1.1 – Unclassified DoD Enterprise DevSecOps Initiative (Software Factory)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Problem Statement n What is DevSecOps? n The software automated tools, services, and standards that enable programs to develop, secure, deploy, and operate applications in a secure, flexible and interoperable fashion. n Why should I care? n Software and cybersecurity pervades all aspects of DoD's mission (from business systems to weapons systems to Artificial Intelligence to cybersecurity to space) - establishing DevSecOps capabilities will: n Deliver applications rapidly and in a secure manner, increasing the warfighters competitive advantage n Bake-in and enforce cybersecurity functions and policy from inception through operations n Enhance enterprise visibility of development activities and reduce accreditation timelines n Ensure seamless application portability across enterprise, Cloud and disconnected, intermittent and classified environments n Drive DoD transformation to Agile and Lean Software Development and Delivery n Leveraging industry acquisition best practices combined with centralized contract vehicle for DevSecOps tools and services will enable rapid prototyping, real-time deployments and scalability. n We cannot be left behind: China, Russia and North Korea are already massively implementing DevOps.
I n t e g r i t y - S e r v i c e - E x c e l l e n c e From Waterfall to DevSecOps 3
I n t e g r i t y - S e r v i c e - E x c e l l e n c e What is the DoD Enterprise DevSecOps Initiative? n Joint Program with OUSD(A&S), DoD CIO, U.S. Air Force, DISA and the Military Services. n Technology: n Selecting, certifying, and packaging best of breed development tools and services (over 100 options) n Creating the Sidecar Container Security Stack (SCSS) for baked-in zero trust security n Creating a Centralized artifacts repository of hardened and centrally authorized containers n Designing a Scalable Microservices Architecture with Service Mesh/API Gateway and baked-in security n Providing on-boarding and support for adoption of Agile and DevSecOps n Developing best-practices, training, and support for pathfinding and related activities n Standardizing metrics and define acceptable thresholds for continuous ATO n Working with DAU to bring state of the art DevSecOps curriculum n Creating new contracting language to enable and incentivize the use of Agile and DevSecOps 4
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Value for DoD Programs (1) n Enables any DoD Program across DoD Services deploy a DoD hardened Software Factory, on their existing or new environments (including classified, disconnected and Clouds), within days instead of a year. Tremendous cost and time savings. n Multiple DevSecOps pipeline exemplars are available with various options to avoid vendor lock-in and enable true DoD-scale as there is not a one-size-fit-all for CI/CD. n Enables rapid prototyping (in days and not months or years) for any Business, C4ISR and Weapons system. Deployment in PRODUCTION! n Enables learning and continuous feedback from actual end-users (warfighters). 5
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Value for DoD Programs (2) n Enables bug and security fixes in minutes instead of weeks/months. n Enables automated testing and security. n Enables continuous Authorization to Operate (ATO) process for rapid deployment and scalability. Authorize ONCE, use MANY times! n Brings a holistic and baked-in cybersecurity stack, gaining complete visibility of all assets, software security state and infrastructure as code. n Microservices Architecture to facilitate the adoption of microservices. n Deployed on any environment, including DoD-approved Cloud and Jedi (when available). 6
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DoD Enterprise DevSecOps Technology n Create and Maintain DevSecOps pipelines (and not just DevOps) to avoid each DoD services building their own stack and reinventing the wheel. n Create hardened Container images in a dedicated artifacts repository with security built-in and compliance with FedRAMP/NIST (similar to gold images concept). n Create a Microservice Service Architecture with Service Mesh (ISTIO). n Standardize metrics and define acceptable thresholds for test coverage, security, documentation etc. to enable complete continuous deployment with pre-ATO embedded. n Leverage Kubernetes for Orchestration to ensure automation, rolling-update, scale, security and visibility thanks to the sidecar security container concept. 7
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Cloud One: new Air Force Cloud Offering n Former Common Computing Environment (CCE), PEO C3I&N n Cloud One provides: n Access to AWS GovCloud and Azure Government on: n Impact Level (IL) 2, 4 and 5, today n IL 6 and Secret SAP (C2S) within December 2019 n Cybersecurity Services (CSSP) baked-in n Cloud Access Point (CAP) and/or Global Content Delivery Service (GCDS) baked-in n Single Sign On n Zero Trust model n Pay per use scalable model (pay for your compute, storage and shared services), as easy as MIPRing money. n Enables instantiation of DevSecOps environment in your dedicated VPCs (Development VPC with internet access (including at IL5) and Production VPC) in days with Continuous ATO and full DoD-wide reciprocity. n Building new multi-award contract vehicles to buy licenses, services (including consultants, FTEs etc.) and Clouds services in bulk (by December 2019). 8
I n t e g r i t y - S e r v i c e - E x c e l l e n c e LevelUP: new centralized Air Force Software Factory Team n Merged with top talent across U.S. Air Force from various Factories (Kessel Run, Kobayoshi Maru SpaceCAMP and Unified Platform). n Manages Software Factories for Development teams so they can focus on building mission applications. n Decouples Development Teams from Factory teams with DevSecOps and Site Reliability Engineer (SRE) expertise. n Helps instantiate DevSecOps CI/CD pipeline / Software Factories in days at various classification levels. n Leverages the DoD hardened containers while avoiding one-size-fits-all architectures. n Fully compliant with the DoD Enterprise DevSecOps Initiative (DSOP) with DoD-wide reciprocity. n Centralizing the Container Hardening of 172 enterprise containers (databases, development tools, CI/CD tools, cybersecurity tools etc.). n Launching Software Enterprise Services (within 90 days for first chat tools) with Collaboration tools, Cybersecurity tools, Source code repositories, Artifact repositories, Development tools, DevSecOps as a Service, Chats etc. These services will be MANAGED services on Cloud One by our SRE team so development teams can simply USE those tools and pay per use at scale with bulk licenses. 9
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DoD Enterprise DevSecOps Architecture
STORE ARTIFACTS SCALE MONITOR SECURE TEST BUILD “Continuous Integration & Continuous Delivery” Orchestration DoD Enterprise DevSecOps Technology Stack (Exemplar) PLAN & DEVELOP DEPLOY & OPERATE Container and Container Management
Bare-metal, GovCloud, AWS Secret, Azure Secret, mil Cloud, C2S, Jedi…*** Elasticsearch DoD Enterprise DevSecOps Platform** 12 DoD Enterprise DevSecOps Architecture* DevSecOps CI/CD pipeline** Kubernetes Optional Abstraction Layer with Red Hat OpenShift or Pivotal Container Service Artifacts Repository** Security Side Car Container** Centralized DoD Enterprise DevSecOps Artifacts Repository Continuously Hardens Docker Public Images and Assesses Open Source Libraries pulls pulls Program Source code repository Application / Microservices built by DoD Programs. pulls *each DoD Program can have its own instantiation of the DoD Enterprise DevSecOps Platform on any Cloud. ** can be installed with single command and deployed on any Cloud. *** could be deployed inside an enclave or on- premises **** gives complete visibilities of assets, security/vulnerability state etc. can be integrated to existing cybersecurity shared services. DoD OCIO/DISA Centralized Logs/Telemetry****Fluentd Real- time pushes Per DoD Service for Service-wide Visibility Logs/Telemetry**** pulls pulls Microservices Architecture (ISTIO)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Microservices Architecture (ISTIO) 13 n Design a Service Mesh (ISTIO) architecture n ISTIO side car proxy, baked-in security, with visibility across containers, by default, without any developer interaction or code change n Benefits: n API Management, service discovery, authentication… n Dynamic request routing for A/B testing, gradual rollouts, canary releases, resilience, observability, retries, circuit breakers and fault injection n Layer 7 Load balancing n Zero Trust model: East/West Traffic Whitelisting, ACL, RBAC… n TLS encryption by default, Key management, signing…
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Platform Stack (continuously evolving)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (1) 15 Source Repository GitHub Government GitLab Container Management technologies: Kubernetes Openshift PKS Helm OKD API Gateways Kong Azure API AWS API Axway 3Scale Apigee ISTIO (service mesh) Artifacts Artifactory Nexus Maven Archiva S3 bucket Programming Languages C/C++ C#/.NET .NET Core Java PHP Python Groovy Ruby R Rust Scala Perl Go Node.JS Swift Databases SQL Server MySQL PostgreSQL MongoDB SQLite Redis Elasticsearch Oracle etcd Hadoop/HDInsight Cloudera Oracle Big Data Solr Neo4J Memcached Cassandra MariaDB CouchDB InfluxDB (time)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (2) 16 Message bus/Streams Kafka Flink Nats RabbitMQ ActiveMQ Proxy Oauth2 proxy nginx ldap auth proxy openldap HA Proxy Visualization Tableau Kibana Logs Logstash Splunk Forwarder Fluentd Syslogd Filebeat rsyslog Webservers Apache2 Nginx IIS Lighttpd Tomcat Docker base images OS: Alpine Busybox Ubuntu Centos Debian Fedora Universal Base Image Serverless Knative
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (3) 17 Build MSBuild CMake Maven Gradle Apache Ant Tests suite Cucumber J-Unit Selenium TestingWhiz Watir Sahi Zephyr Vagrant AppVerify nosetests SoapUI LeanFT Test coverage JaCoCo Emma Cobertura codecov CI/CD Orchestration Jenkins (open source) CloudBees Jenkins GitLab Jenkins plugins Dozens (Need to verify security). Configuration Management / Delivery Puppet Chef Ansible Saltstack Security Tenable / Nessus Agents Fortify Twistlock Aqua SonarQBE Qualys StackRox Aporeto Snort OWASP ZAP Contrast Security OpenVAS Metasploit ThreadFix pylint JFrog Xray OpenSCAP (can check against DISA STIG) OpenControl for compliance documentation Security (2) Snyk Code Climate AJAX Spider Tanaguru (508 compliance) InSpec OWASP Dependency-Check Burp HBSS Anchore Checkmarx SD Elements Clair Docker Bench Security Notary Sysdig Layered Insight BlackDuck Nexus IQ/Lifecycle/Firewall
I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (4) 18 Monitoring Sensu EFK (Elasticsearch, Fluentd, Kibana) Splunk Nagios New Relic Sentry Promotheus Grafana Kiali Collaboration Rocket.Chat Matter.Most PagerDuty Plan Jira Confluence Rally Redmine Pivotal Tracker Secrets Kubernetes Secrets Vault Credentials (Jenkins) CryptoMove SSO Keycloak Documentation Javadoc RDoc Sphinx Doxygen Cucumber phpDocumentator Pydoc Performance Apache AB Jmeter LoadRunner
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Legacy to DevSecOps => Strangler Pattern n Martin Fowler describes the Strangler Application: n One of the natural wonders of this area are the huge strangler vines. They seed in the upper branches of a fig tree and gradually work their way down the tree until they root in the soil. Over many years they grow into fantastic and beautiful shapes, meanwhile strangling and killing the tree that was their host. n To get there, the following steps were followed: n First, add a proxy, which sits between the legacy application and the user. Initially, this proxy doesn’t do anything but pass all traffic, unmodified, to the application. n Then, add new service (with its own database(s) and other supporting infrastructure) and link it to the proxy. Implement the first new page in this service. Then allow the proxy to serve traffic to that page (see below). n Add more pages, more functionality and potentially more services. Open up the proxy to the new pages and services. Repeat until all required functionality is handled by the new stack. n The monolith no longer serves traffic and can be switched off. n Learn more: https://www.ibm.com/developerworks/cloud/library/cl-strangler-application-pattern- microservices-apps-trs/index.html and https://www.michielrook.nl/2016/11/strangler-pattern-practice/ 19
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (1) n Recommended Videos (Part 1) n Watch our playlists, available at different expertise levels and continuously augmented! n Kafka / KSQL (message bus, pub/sub, event driven): n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlzz0zt03Ludtid7icrXBesg n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxxXX0oCzt7laO6mD61UIQw n Advanced: N/A n Kubernetes n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlydFzQzkYYDdQK7k5cEKubQ n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8dSFH_jFLK40Tt7KUXTN_ n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlytdAJiVqbHucWOvn5LrTNW 20
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (2) n Recommended Videos (Part 2) n Watch our playlists, available at different expertise levels and continuously augmented! n Service Mesh n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxtC4rDIMQ8QiG5UBCjz7VH n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlwWK_Y_Cas8Nyw-DsdbH6vl n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8VW2MFONMRwS_-2rSJwdn n Microservices n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlz_U2_RaONTGYLkz0lh-A_L n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxqjuAXxoRMjvspaEE8L2cB n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlw4CF4F4t3gVV3j0512CMsu 21
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (3) n Recommended Books n A Seat at the Table – by Mark Schwartz (former CIO of USCIS, leader in Agile) This book is highly recommended for ALL leadership as it is not technical but focused on the challenges around business, procurement and how leadership can enable DevOps across the organization and remove impediments. n The Phoenix Project – by the founders of DevOps n The DevOps Handbook – by Gene Kim, Patrick Debois. For those who drive to work like me (for hours), please note that these books are available as Audiobooks. 22
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Thank You! Nicolas Chaillan Chief Software Officer, U.S. Air Force usaf.cso@mail.mil

Recomendados

DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factoryscoopnewsgroup
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
Platform Engineering
Platform EngineeringPlatform Engineering
Platform EngineeringOpsta
 
DevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation SlidesDevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation SlidesSlideTeam
 
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...SlideTeam
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 

Recomendados

DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factoryscoopnewsgroup
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
Platform Engineering
Platform EngineeringPlatform Engineering
Platform EngineeringOpsta
 
DevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation SlidesDevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation SlidesSlideTeam
 
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...SlideTeam
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Microservices, DevOps & SRE
Microservices, DevOps & SREMicroservices, DevOps & SRE
Microservices, DevOps & SREAraf Karsh Hamid
 
Microsoft Cloud Adoption Framework
Microsoft Cloud Adoption FrameworkMicrosoft Cloud Adoption Framework
Microsoft Cloud Adoption Frameworkssuserdb85d71
 
Getting started with Site Reliability Engineering (SRE)
Getting started with Site Reliability Engineering (SRE)Getting started with Site Reliability Engineering (SRE)
Getting started with Site Reliability Engineering (SRE)Abeer R
 
SRE-iously! Reliability!
SRE-iously! Reliability!SRE-iously! Reliability!
SRE-iously! Reliability!New Relic
 
DevOps Implementation Roadmap
DevOps Implementation RoadmapDevOps Implementation Roadmap
DevOps Implementation RoadmapSofiaCarter4
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
Cloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsCloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsChip Childers
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep diveWinton Winton
 
Site reliability engineering
Site reliability engineeringSite reliability engineering
Site reliability engineeringJason Loeffler
 
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation Slides
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation SlidesDevops On Cloud Powerpoint Template Slides Powerpoint Presentation Slides
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation SlidesSlideTeam
 
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...Sonatype
 
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersYour Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersAtlassian
 
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseScaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseOpsta
 
Chaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsChaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsC4Media
 
Epic Champions - Better Software Through Empowered Engineers
Epic Champions - Better Software Through Empowered EngineersEpic Champions - Better Software Through Empowered Engineers
Epic Champions - Better Software Through Empowered EngineersAtlassian
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOpsMichael Jesse
 
Devops online training ppt
Devops online training pptDevops online training ppt
Devops online training pptKhalidQureshi31
 
Site (Service) Reliability Engineering
Site (Service) Reliability EngineeringSite (Service) Reliability Engineering
Site (Service) Reliability EngineeringMark Underwood
 
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxDoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxTomGrand4
 
DoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanDoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanHermanKBeta
 

Mais conteúdo relacionado

Mais procurados

Microservices, DevOps & SRE
Microservices, DevOps & SREMicroservices, DevOps & SRE
Microservices, DevOps & SREAraf Karsh Hamid
 
Microsoft Cloud Adoption Framework
Microsoft Cloud Adoption FrameworkMicrosoft Cloud Adoption Framework
Microsoft Cloud Adoption Frameworkssuserdb85d71
 
Getting started with Site Reliability Engineering (SRE)
Getting started with Site Reliability Engineering (SRE)Getting started with Site Reliability Engineering (SRE)
Getting started with Site Reliability Engineering (SRE)Abeer R
 
SRE-iously! Reliability!
SRE-iously! Reliability!SRE-iously! Reliability!
SRE-iously! Reliability!New Relic
 
DevOps Implementation Roadmap
DevOps Implementation RoadmapDevOps Implementation Roadmap
DevOps Implementation RoadmapSofiaCarter4
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
Cloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsCloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsChip Childers
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep diveWinton Winton
 
Site reliability engineering
Site reliability engineeringSite reliability engineering
Site reliability engineeringJason Loeffler
 
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation Slides
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation SlidesDevops On Cloud Powerpoint Template Slides Powerpoint Presentation Slides
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation SlidesSlideTeam
 
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...Sonatype
 
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersYour Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersAtlassian
 
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseScaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseOpsta
 
Chaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsChaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsC4Media
 
Epic Champions - Better Software Through Empowered Engineers
Epic Champions - Better Software Through Empowered EngineersEpic Champions - Better Software Through Empowered Engineers
Epic Champions - Better Software Through Empowered EngineersAtlassian
 
Devops online training ppt
Devops online training pptDevops online training ppt
Devops online training pptKhalidQureshi31
 
Site (Service) Reliability Engineering
Site (Service) Reliability EngineeringSite (Service) Reliability Engineering
Site (Service) Reliability EngineeringMark Underwood
 

Mais procurados (20)

Microservices, DevOps & SRE
Microservices, DevOps & SREMicroservices, DevOps & SRE
Microservices, DevOps & SRE
 
Microsoft Cloud Adoption Framework
Microsoft Cloud Adoption FrameworkMicrosoft Cloud Adoption Framework
Microsoft Cloud Adoption Framework
 
Getting started with Site Reliability Engineering (SRE)
Getting started with Site Reliability Engineering (SRE)Getting started with Site Reliability Engineering (SRE)
Getting started with Site Reliability Engineering (SRE)
 
SRE-iously! Reliability!
SRE-iously! Reliability!SRE-iously! Reliability!
SRE-iously! Reliability!
 
DevOps Implementation Roadmap
DevOps Implementation RoadmapDevOps Implementation Roadmap
DevOps Implementation Roadmap
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
Cloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsCloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native Applications
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
 
Site reliability engineering
Site reliability engineeringSite reliability engineering
Site reliability engineering
 
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation Slides
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation SlidesDevops On Cloud Powerpoint Template Slides Powerpoint Presentation Slides
Devops On Cloud Powerpoint Template Slides Powerpoint Presentation Slides
 
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
 
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersYour Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
 
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseScaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for Enterprise
 
Chaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsChaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient Systems
 
Epic Champions - Better Software Through Empowered Engineers
Epic Champions - Better Software Through Empowered EngineersEpic Champions - Better Software Through Empowered Engineers
Epic Champions - Better Software Through Empowered Engineers
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOps
 
Devops online training ppt
Devops online training pptDevops online training ppt
Devops online training ppt
 
Site (Service) Reliability Engineering
Site (Service) Reliability EngineeringSite (Service) Reliability Engineering
Site (Service) Reliability Engineering
 

Semelhante a FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative - Nicolas Chaillan, Chief Software Officer, U.S. Air Force

DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxDoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxTomGrand4
 
DoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanDoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanHermanKBeta
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAlex Rhea
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices Hendri Karisma
 
Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedBuilding an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedPrateek Mishra
 
DoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptxDoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptxfengerqiang
 
DevSecOps: Security With DevOps
DevSecOps: Security With DevOpsDevSecOps: Security With DevOps
DevSecOps: Security With DevOpsKnoldus Inc.
 
Cloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryCloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryEverett Toews
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSEric Smalling
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 
Vadiraj Raikar_Cloud Automation_DevOps
Vadiraj Raikar_Cloud Automation_DevOpsVadiraj Raikar_Cloud Automation_DevOps
Vadiraj Raikar_Cloud Automation_DevOpsVadiraj Raikar
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through EducationGrant Ongers
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSEric Smalling
 
DevOps e a transformação digital de aplicações
DevOps e a transformação digital de aplicaçõesDevOps e a transformação digital de aplicações
DevOps e a transformação digital de aplicaçõesRamon Durães
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE
 
understanding devops security - DevSecOps
understanding devops security - DevSecOpsunderstanding devops security - DevSecOps
understanding devops security - DevSecOpsAnshulkichara3
 

Semelhante a FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative - Nicolas Chaillan, Chief Software Officer, U.S. Air Force (20)

DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptxDoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
DoD-Enterprise-DevSecOps-Initiative-Introduction-v4.52.pptx
 
DoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas ChaillanDoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
DoD Enterprise DevSecOps Initiative by Mr. Nicolas Chaillan
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container Adoption
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
 
Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedBuilding an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
 
DoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptxDoD-Enterprise-DevSecOps-Initiative.pptx
DoD-Enterprise-DevSecOps-Initiative.pptx
 
DevSecOps: Security With DevOps
DevSecOps: Security With DevOpsDevSecOps: Security With DevOps
DevSecOps: Security With DevOps
 
Balaji Resume
Balaji ResumeBalaji Resume
Balaji Resume
 
Cloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryCloud Native Summit 2019 Summary
Cloud Native Summit 2019 Summary
 
Md Zahir Uddin
Md Zahir UddinMd Zahir Uddin
Md Zahir Uddin
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 
Vadiraj Raikar_Cloud Automation_DevOps
Vadiraj Raikar_Cloud Automation_DevOpsVadiraj Raikar_Cloud Automation_DevOps
Vadiraj Raikar_Cloud Automation_DevOps
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through Education
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWS
 
Resume
ResumeResume
Resume
 
DevOps e a transformação digital de aplicações
DevOps e a transformação digital de aplicaçõesDevOps e a transformação digital de aplicações
DevOps e a transformação digital de aplicações
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
 
understanding devops security - DevSecOps
understanding devops security - DevSecOpsunderstanding devops security - DevSecOps
understanding devops security - DevSecOps
 
Resume-Fred
Resume-FredResume-Fred
Resume-Fred
 

Mais de scoopnewsgroup

2020: What's on Deck for the PMA
2020: What's on Deck for the PMA2020: What's on Deck for the PMA
2020: What's on Deck for the PMAscoopnewsgroup
 
Modernization Requires Choice
Modernization Requires ChoiceModernization Requires Choice
Modernization Requires Choicescoopnewsgroup
 
Smarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security ModernizationSmarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security Modernizationscoopnewsgroup
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
Building a Zero Trust Architecture
Building a Zero Trust ArchitectureBuilding a Zero Trust Architecture
Building a Zero Trust Architecturescoopnewsgroup
 
History of Data-Centric Transformation
History of Data-Centric TransformationHistory of Data-Centric Transformation
History of Data-Centric Transformationscoopnewsgroup
 
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?scoopnewsgroup
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trustscoopnewsgroup
 
Keeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & HappyKeeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & Happyscoopnewsgroup
 
It All Starts with Linux
It All Starts with LinuxIt All Starts with Linux
It All Starts with Linuxscoopnewsgroup
 
Leadership in the Digital Age
Leadership in the Digital AgeLeadership in the Digital Age
Leadership in the Digital Agescoopnewsgroup
 
Digital Transformation for Government
Digital Transformation for GovernmentDigital Transformation for Government
Digital Transformation for Governmentscoopnewsgroup
 
Enhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber RangeEnhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber Rangescoopnewsgroup
 
Lessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for CybersecurityLessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for Cybersecurityscoopnewsgroup
 
2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summit2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summitscoopnewsgroup
 
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...scoopnewsgroup
 

Mais de scoopnewsgroup (20)

2020: What's on Deck for the PMA
2020: What's on Deck for the PMA2020: What's on Deck for the PMA
2020: What's on Deck for the PMA
 
Modernization Requires Choice
Modernization Requires ChoiceModernization Requires Choice
Modernization Requires Choice
 
Smarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security ModernizationSmarter Access is the Bridge to Security Modernization
Smarter Access is the Bridge to Security Modernization
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
 
Building a Zero Trust Architecture
Building a Zero Trust ArchitectureBuilding a Zero Trust Architecture
Building a Zero Trust Architecture
 
History of Data-Centric Transformation
History of Data-Centric TransformationHistory of Data-Centric Transformation
History of Data-Centric Transformation
 
IC Fireside Chat
IC Fireside ChatIC Fireside Chat
IC Fireside Chat
 
The Edge to AI
The Edge to AIThe Edge to AI
The Edge to AI
 
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
Data Strategy – What Does an Enterprise Data Cloud Mean for Your Agency?
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
 
Keeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & HappyKeeping the Workforce of the Future Empowered, Engaged & Happy
Keeping the Workforce of the Future Empowered, Engaged & Happy
 
Opening Remarks
Opening RemarksOpening Remarks
Opening Remarks
 
It All Starts with Linux
It All Starts with LinuxIt All Starts with Linux
It All Starts with Linux
 
Leadership in the Digital Age
Leadership in the Digital AgeLeadership in the Digital Age
Leadership in the Digital Age
 
Digital Transformation for Government
Digital Transformation for GovernmentDigital Transformation for Government
Digital Transformation for Government
 
Enhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber RangeEnhancing your Cyber Skills through a Cyber Range
Enhancing your Cyber Skills through a Cyber Range
 
Lessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for CybersecurityLessons Learned from Fire Escapes for Cybersecurity
Lessons Learned from Fire Escapes for Cybersecurity
 
2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summit2019 FedScoop Public Sector innovation Summit
2019 FedScoop Public Sector innovation Summit
 
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
FedScoop Public Sector Innovation Summit Peter Wallace, CIO, Virginia Beach- ...
 

Último

JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 

Último (20)

JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 

FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative - Nicolas Chaillan, Chief Software Officer, U.S. Air Force

  • 1. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Headquarters U.S. Air Force Mr. Nicolas Chaillan Chief Software Officer, U.S. Air Force Co-Lead, DoD Enterprise DevSecOps Initiative v1.1 – Unclassified DoD Enterprise DevSecOps Initiative (Software Factory)
  • 2. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Problem Statement n What is DevSecOps? n The software automated tools, services, and standards that enable programs to develop, secure, deploy, and operate applications in a secure, flexible and interoperable fashion. n Why should I care? n Software and cybersecurity pervades all aspects of DoD's mission (from business systems to weapons systems to Artificial Intelligence to cybersecurity to space) - establishing DevSecOps capabilities will: n Deliver applications rapidly and in a secure manner, increasing the warfighters competitive advantage n Bake-in and enforce cybersecurity functions and policy from inception through operations n Enhance enterprise visibility of development activities and reduce accreditation timelines n Ensure seamless application portability across enterprise, Cloud and disconnected, intermittent and classified environments n Drive DoD transformation to Agile and Lean Software Development and Delivery n Leveraging industry acquisition best practices combined with centralized contract vehicle for DevSecOps tools and services will enable rapid prototyping, real-time deployments and scalability. n We cannot be left behind: China, Russia and North Korea are already massively implementing DevOps.
  • 3. I n t e g r i t y - S e r v i c e - E x c e l l e n c e From Waterfall to DevSecOps 3
  • 4. I n t e g r i t y - S e r v i c e - E x c e l l e n c e What is the DoD Enterprise DevSecOps Initiative? n Joint Program with OUSD(A&S), DoD CIO, U.S. Air Force, DISA and the Military Services. n Technology: n Selecting, certifying, and packaging best of breed development tools and services (over 100 options) n Creating the Sidecar Container Security Stack (SCSS) for baked-in zero trust security n Creating a Centralized artifacts repository of hardened and centrally authorized containers n Designing a Scalable Microservices Architecture with Service Mesh/API Gateway and baked-in security n Providing on-boarding and support for adoption of Agile and DevSecOps n Developing best-practices, training, and support for pathfinding and related activities n Standardizing metrics and define acceptable thresholds for continuous ATO n Working with DAU to bring state of the art DevSecOps curriculum n Creating new contracting language to enable and incentivize the use of Agile and DevSecOps 4
  • 5. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Value for DoD Programs (1) n Enables any DoD Program across DoD Services deploy a DoD hardened Software Factory, on their existing or new environments (including classified, disconnected and Clouds), within days instead of a year. Tremendous cost and time savings. n Multiple DevSecOps pipeline exemplars are available with various options to avoid vendor lock-in and enable true DoD-scale as there is not a one-size-fit-all for CI/CD. n Enables rapid prototyping (in days and not months or years) for any Business, C4ISR and Weapons system. Deployment in PRODUCTION! n Enables learning and continuous feedback from actual end-users (warfighters). 5
  • 6. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Value for DoD Programs (2) n Enables bug and security fixes in minutes instead of weeks/months. n Enables automated testing and security. n Enables continuous Authorization to Operate (ATO) process for rapid deployment and scalability. Authorize ONCE, use MANY times! n Brings a holistic and baked-in cybersecurity stack, gaining complete visibility of all assets, software security state and infrastructure as code. n Microservices Architecture to facilitate the adoption of microservices. n Deployed on any environment, including DoD-approved Cloud and Jedi (when available). 6
  • 7. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DoD Enterprise DevSecOps Technology n Create and Maintain DevSecOps pipelines (and not just DevOps) to avoid each DoD services building their own stack and reinventing the wheel. n Create hardened Container images in a dedicated artifacts repository with security built-in and compliance with FedRAMP/NIST (similar to gold images concept). n Create a Microservice Service Architecture with Service Mesh (ISTIO). n Standardize metrics and define acceptable thresholds for test coverage, security, documentation etc. to enable complete continuous deployment with pre-ATO embedded. n Leverage Kubernetes for Orchestration to ensure automation, rolling-update, scale, security and visibility thanks to the sidecar security container concept. 7
  • 8. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Cloud One: new Air Force Cloud Offering n Former Common Computing Environment (CCE), PEO C3I&N n Cloud One provides: n Access to AWS GovCloud and Azure Government on: n Impact Level (IL) 2, 4 and 5, today n IL 6 and Secret SAP (C2S) within December 2019 n Cybersecurity Services (CSSP) baked-in n Cloud Access Point (CAP) and/or Global Content Delivery Service (GCDS) baked-in n Single Sign On n Zero Trust model n Pay per use scalable model (pay for your compute, storage and shared services), as easy as MIPRing money. n Enables instantiation of DevSecOps environment in your dedicated VPCs (Development VPC with internet access (including at IL5) and Production VPC) in days with Continuous ATO and full DoD-wide reciprocity. n Building new multi-award contract vehicles to buy licenses, services (including consultants, FTEs etc.) and Clouds services in bulk (by December 2019). 8
  • 9. I n t e g r i t y - S e r v i c e - E x c e l l e n c e LevelUP: new centralized Air Force Software Factory Team n Merged with top talent across U.S. Air Force from various Factories (Kessel Run, Kobayoshi Maru SpaceCAMP and Unified Platform). n Manages Software Factories for Development teams so they can focus on building mission applications. n Decouples Development Teams from Factory teams with DevSecOps and Site Reliability Engineer (SRE) expertise. n Helps instantiate DevSecOps CI/CD pipeline / Software Factories in days at various classification levels. n Leverages the DoD hardened containers while avoiding one-size-fits-all architectures. n Fully compliant with the DoD Enterprise DevSecOps Initiative (DSOP) with DoD-wide reciprocity. n Centralizing the Container Hardening of 172 enterprise containers (databases, development tools, CI/CD tools, cybersecurity tools etc.). n Launching Software Enterprise Services (within 90 days for first chat tools) with Collaboration tools, Cybersecurity tools, Source code repositories, Artifact repositories, Development tools, DevSecOps as a Service, Chats etc. These services will be MANAGED services on Cloud One by our SRE team so development teams can simply USE those tools and pay per use at scale with bulk licenses. 9
  • 10. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DoD Enterprise DevSecOps Architecture
  • 11. STORE ARTIFACTS SCALE MONITOR SECURE TEST BUILD “Continuous Integration & Continuous Delivery” Orchestration DoD Enterprise DevSecOps Technology Stack (Exemplar) PLAN & DEVELOP DEPLOY & OPERATE Container and Container Management
  • 12. Bare-metal, GovCloud, AWS Secret, Azure Secret, mil Cloud, C2S, Jedi…*** Elasticsearch DoD Enterprise DevSecOps Platform** 12 DoD Enterprise DevSecOps Architecture* DevSecOps CI/CD pipeline** Kubernetes Optional Abstraction Layer with Red Hat OpenShift or Pivotal Container Service Artifacts Repository** Security Side Car Container** Centralized DoD Enterprise DevSecOps Artifacts Repository Continuously Hardens Docker Public Images and Assesses Open Source Libraries pulls pulls Program Source code repository Application / Microservices built by DoD Programs. pulls *each DoD Program can have its own instantiation of the DoD Enterprise DevSecOps Platform on any Cloud. ** can be installed with single command and deployed on any Cloud. *** could be deployed inside an enclave or on- premises **** gives complete visibilities of assets, security/vulnerability state etc. can be integrated to existing cybersecurity shared services. DoD OCIO/DISA Centralized Logs/Telemetry****Fluentd Real- time pushes Per DoD Service for Service-wide Visibility Logs/Telemetry**** pulls pulls Microservices Architecture (ISTIO)
  • 13. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Microservices Architecture (ISTIO) 13 n Design a Service Mesh (ISTIO) architecture n ISTIO side car proxy, baked-in security, with visibility across containers, by default, without any developer interaction or code change n Benefits: n API Management, service discovery, authentication… n Dynamic request routing for A/B testing, gradual rollouts, canary releases, resilience, observability, retries, circuit breakers and fault injection n Layer 7 Load balancing n Zero Trust model: East/West Traffic Whitelisting, ACL, RBAC… n TLS encryption by default, Key management, signing…
  • 14. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Platform Stack (continuously evolving)
  • 15. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (1) 15 Source Repository GitHub Government GitLab Container Management technologies: Kubernetes Openshift PKS Helm OKD API Gateways Kong Azure API AWS API Axway 3Scale Apigee ISTIO (service mesh) Artifacts Artifactory Nexus Maven Archiva S3 bucket Programming Languages C/C++ C#/.NET .NET Core Java PHP Python Groovy Ruby R Rust Scala Perl Go Node.JS Swift Databases SQL Server MySQL PostgreSQL MongoDB SQLite Redis Elasticsearch Oracle etcd Hadoop/HDInsight Cloudera Oracle Big Data Solr Neo4J Memcached Cassandra MariaDB CouchDB InfluxDB (time)
  • 16. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (2) 16 Message bus/Streams Kafka Flink Nats RabbitMQ ActiveMQ Proxy Oauth2 proxy nginx ldap auth proxy openldap HA Proxy Visualization Tableau Kibana Logs Logstash Splunk Forwarder Fluentd Syslogd Filebeat rsyslog Webservers Apache2 Nginx IIS Lighttpd Tomcat Docker base images OS: Alpine Busybox Ubuntu Centos Debian Fedora Universal Base Image Serverless Knative
  • 17. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (3) 17 Build MSBuild CMake Maven Gradle Apache Ant Tests suite Cucumber J-Unit Selenium TestingWhiz Watir Sahi Zephyr Vagrant AppVerify nosetests SoapUI LeanFT Test coverage JaCoCo Emma Cobertura codecov CI/CD Orchestration Jenkins (open source) CloudBees Jenkins GitLab Jenkins plugins Dozens (Need to verify security). Configuration Management / Delivery Puppet Chef Ansible Saltstack Security Tenable / Nessus Agents Fortify Twistlock Aqua SonarQBE Qualys StackRox Aporeto Snort OWASP ZAP Contrast Security OpenVAS Metasploit ThreadFix pylint JFrog Xray OpenSCAP (can check against DISA STIG) OpenControl for compliance documentation Security (2) Snyk Code Climate AJAX Spider Tanaguru (508 compliance) InSpec OWASP Dependency-Check Burp HBSS Anchore Checkmarx SD Elements Clair Docker Bench Security Notary Sysdig Layered Insight BlackDuck Nexus IQ/Lifecycle/Firewall
  • 18. I n t e g r i t y - S e r v i c e - E x c e l l e n c e DevSecOps Product Stack (4) 18 Monitoring Sensu EFK (Elasticsearch, Fluentd, Kibana) Splunk Nagios New Relic Sentry Promotheus Grafana Kiali Collaboration Rocket.Chat Matter.Most PagerDuty Plan Jira Confluence Rally Redmine Pivotal Tracker Secrets Kubernetes Secrets Vault Credentials (Jenkins) CryptoMove SSO Keycloak Documentation Javadoc RDoc Sphinx Doxygen Cucumber phpDocumentator Pydoc Performance Apache AB Jmeter LoadRunner
  • 19. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Legacy to DevSecOps => Strangler Pattern n Martin Fowler describes the Strangler Application: n One of the natural wonders of this area are the huge strangler vines. They seed in the upper branches of a fig tree and gradually work their way down the tree until they root in the soil. Over many years they grow into fantastic and beautiful shapes, meanwhile strangling and killing the tree that was their host. n To get there, the following steps were followed: n First, add a proxy, which sits between the legacy application and the user. Initially, this proxy doesn’t do anything but pass all traffic, unmodified, to the application. n Then, add new service (with its own database(s) and other supporting infrastructure) and link it to the proxy. Implement the first new page in this service. Then allow the proxy to serve traffic to that page (see below). n Add more pages, more functionality and potentially more services. Open up the proxy to the new pages and services. Repeat until all required functionality is handled by the new stack. n The monolith no longer serves traffic and can be switched off. n Learn more: https://www.ibm.com/developerworks/cloud/library/cl-strangler-application-pattern- microservices-apps-trs/index.html and https://www.michielrook.nl/2016/11/strangler-pattern-practice/ 19
  • 20. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (1) n Recommended Videos (Part 1) n Watch our playlists, available at different expertise levels and continuously augmented! n Kafka / KSQL (message bus, pub/sub, event driven): n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlzz0zt03Ludtid7icrXBesg n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxxXX0oCzt7laO6mD61UIQw n Advanced: N/A n Kubernetes n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlydFzQzkYYDdQK7k5cEKubQ n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8dSFH_jFLK40Tt7KUXTN_ n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlytdAJiVqbHucWOvn5LrTNW 20
  • 21. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (2) n Recommended Videos (Part 2) n Watch our playlists, available at different expertise levels and continuously augmented! n Service Mesh n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxtC4rDIMQ8QiG5UBCjz7VH n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlwWK_Y_Cas8Nyw-DsdbH6vl n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlx8VW2MFONMRwS_-2rSJwdn n Microservices n Beginners: https://www.youtube.com/playlist?list=PLSIv_F9TtLlz_U2_RaONTGYLkz0lh-A_L n Intermediate: https://www.youtube.com/playlist?list=PLSIv_F9TtLlxqjuAXxoRMjvspaEE8L2cB n Advanced: https://www.youtube.com/playlist?list=PLSIv_F9TtLlw4CF4F4t3gVV3j0512CMsu 21
  • 22. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Self-Learning (3) n Recommended Books n A Seat at the Table – by Mark Schwartz (former CIO of USCIS, leader in Agile) This book is highly recommended for ALL leadership as it is not technical but focused on the challenges around business, procurement and how leadership can enable DevOps across the organization and remove impediments. n The Phoenix Project – by the founders of DevOps n The DevOps Handbook – by Gene Kim, Patrick Debois. For those who drive to work like me (for hours), please note that these books are available as Audiobooks. 22
  • 23. I n t e g r i t y - S e r v i c e - E x c e l l e n c e Thank You! Nicolas Chaillan Chief Software Officer, U.S. Air Force usaf.cso@mail.mil