10. Agile Ops Anyone?
2 major related trends:
1. Agile Operations/Infrastructure
2. Collaboration between dev and ops
Ultimately led to the first DevOpsDays in 2009…
11. So, what is DevOps?
• Set of principles and practices for efficient communication and collaboration. (Culture)
• Automated deployment pipeline. (Processes)
• Supporting tool chain (Technologies)
12. “[…] it seems as though the problems are just between dev and ops, but test is in there, and you have security objectives. These are top-level concerns of Management […] and have become part of the DevOps picture.
In other words, when you hear "DevOps" today, you should probably be thinking DevOpsQATestInfoSec.”
- Gene Kim
15. Security challenges in DevOps
• It is clear why companies are moving to DevOps
…but how can security keep up with this?
Source: https://xebialabs.com/assets/files/whitepapers/ITRev_DevOps_Guide_5_2015.pdf
18. Culture
• Communication and transparency
• High-trust environment “blameless postmortem”
• Continuous improvement
• Everyone is responsible for security
• Automate as much as possible
• Everything as code
19. Culture:
Open Space Ideas
• How did your org switch to Dev(Sec)Ops?
• Continuous Improvement (Kaizen)
• What are you automating at the moment?
25. Processes:
Open Space Ideas
• How are you managing security requirements?
• How are you building security into the SDLC?
• AppSec Pipelines in the wild
• ChatSecOps
28. Technologies:
Open Space Ideas
• Scaling security requirements
• TDD and security in testing
• Which *AST technologies have you been using?
• Experience with IDE Plugins
• Environment management (Dev/Prod parity)
• Configuration management (configuration drift)
• Patch Management and deployment strategies (e.g. Phoenix)