Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

DevSecCon London 2017: How far left do you want to go with security? by Javier Salado

209 visualizaciones

Publicado el

DevSecCon London 2017: How far left do you want to go with security? by Javier Salado

Publicado en: Tecnología
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

DevSecCon London 2017: How far left do you want to go with security? by Javier Salado

  1. 1. Join the conversation #DevSecCon BY JAVIER SALADO How far left do you want to go with Security?
  2. 2. Oh no! Yet another “shift left” presentation…
  3. 3. So… how far left should we go with security?
  4. 4. “Classical” Software development Life Cycle Analysis Design Testing DeploymentCoding Time
  5. 5. Here comes Agile and DevOps to the rescue
  6. 6. Here comes Agile and DevOps to the rescue
  7. 7. Enterprise security is still a silo
  8. 8. DevSecOps: No more silos, all hands on deck
  9. 9. DevSecOps Security Policy Security & QA review Application Security protection Defects & Vulnerabilities Fix Plan Security Audit Security flaws analytics Update Baseline: New Starting Point Redefine security policy Security & QA review Security & QA review
  10. 10. Tools + automation = integration
  11. 11. Integration Security Policy Security & QA review IDE + CI Application Security protection Issue tracker Defects & Vulnerabilities Fix Plan Issue tracker Security Audit CD Security flaws analytics Issue tracker Update Baseline: New Starting Point CD Redefine security policy Manual task Security & QA review IDE + CI Security & QA review IDE + CI
  12. 12. Outsourcing
  13. 13. DevSecOps Collaborative environment Security Policy Security Policy Cloud Collaborative Environment Security Policy Security Reviews Security Audits Security Policy Security Reviews Security Audits Security Policy Security Review results Security Audit results DevSecOps stakeholders Outsourced development teams Security Reviews Security Reviews Security Audits
  14. 14. Conclusions and references • 2016 State of DevOps Report by Puppet and Dora research & assessment • Starting and Scaling DevOps in the Enterprise by Gary Gruver • 2017 IDG Enterprise Security Priorities • www.kiuwan.com Last but not least… Some thousands of hours working with customers for the last 25 years
  15. 15. Join the conversation #DevSecCon Thank you javier.salado@kiuwan.com @Javier_Salado www.kiuwan.com

×