Call it what you will - DevSecOps, DevOpsSec, Rugged, Agile Application Security, Shift Left Unicorn Dust AppSec,... The face of security is changing. We'll go through the results of the DevSecOps Community Survey and examine the trends. Then we'll lead a group discussion on the topic. How have you tried to make security part of your SDLC? What have you seen work? What hasn't? What's important to you?
From Austin OWASP meetup in June 2018
DevSecOps in the Year 2018
1. DevSecOps In the Year 2018
James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
2. Who are these people?
James Wickett
Head of Research @ Signal Sciences
Ernest Mueller
Director of Engineering Operations @ AlienVault
9. The original DevOps Deep Thoughts were created by the hilarious and awesome Josh Zimmerman (@TheJewberwocky) as Not Jack Handey, which is a parody of Deep Thoughts by Jack Handey.
These DevSecOps Deep Thoughts are not nearly as funny nor deep, but hey, what do you expect of a parody of a parody?
10. DevSecOps is the extension of the DevOps culture for the inclusion of Security
11. "Companies are spending a great deal on security, but we read of massive computer-related attacks. Clearly something is wrong. The root of the problem is twofold: we’re protecting the wrong things, and we’re hurting productivity in the process."
Thinking Security, Steven M. Bellovin
16. Major Findings from the DevSecOps Community Survey 2018
17. 74% of respondents report DevOps practices that are mature or growing in maturity
18. 48% of developers say security is important but don't have enough time to spend on it
19. 73% of mature DevOps shops say breaches drive interest in DevSecOps
20. 1-in-3 report breaches are due to web application vulns
21. 72% of respondents see security pros in the role of "nag"
22. "many security teams work with a worldview where their goal is to inhibit change as much as possible"
23. Yet, 91% agree security is part of everyone's role
29. We want this to be a conversation. Try to keep the answers to 30s or less to give everyone a chance to get involved in the conversation.
30. 1. What do you wish security people would know about DevOps?
31. 2. What do you wish DevOps people would know about security?
32. 3. Have you achieved, or seen others achieve, a real win by using DevOps and security together?
33. 4. What would you like to see to further your DevSecOps efforts?