about me
play

About Me CEO & Co-Founder at Snyk Find & Fix - PowerPoint PPT Presentation

Mar 29, 2024 •211 likes •1.29k views

The Three Faces of DevSecOps Guy Podjarny (@guypod) @guypod About Me CEO & Co-Founder at Snyk Find & Fix vulnerabilities in open source dependencies! Founder @Blaze, CTO @Akamai Security work since 1997 DevOps

  1. Some ideas from 
 Security Teams that do it well 
 (via The Secure Developer podcast) @guypod

  2. PagerDuty Security Team • We have a phrase we like on our security team which is, “we're here to make it easy to do the right thing” • … treating security problems as operational problems… things like Chef, Splunk, AWS tooling… use them for security challenges as well. https://www.heavybit.com/library/podcasts/the-secure-developer/ep-11-keeping-pagerduty-secure/ @guypod

  3. Optimizely Security Lead 
 Kyle Randolph • We actually give out T-shirts that say, "Security Hero" on them. This is more exclusive, so it makes people want to step it up and really go above and beyond to make a security contribution • We're using a lot of Spinnaker for our deploy automation, which is not a security tool, but that's just the place that you can bundle in all the other security configuration that you want to have happen. https://www.heavybit.com/library/podcasts/the-secure-developer/ep-1-prioritizing-secure-development/ @guypod

  4. New Relic CSO 
 Shaun Gordon • It's very easy to turn a developer o ff of a tool very quickly by giving them unactionable information, by calling them out on something that they don't understand what it is, and more importantly, how to fix it • change the way we do security to fit in with the way the developers perform their job, instead of trying to get them adapt the way they work to what we're doing. https://www.heavybit.com/library/podcasts/the-secure-developer/ep-13-how-new-relic-does-security/ @guypod

  5. Slack CSO 
 Geo ff Belknap • The Slack Security team was originally part of the privacy and policy organization,.. now I report directly to Cal Henderson, our CTO… and you know a first-class citizen in engineering • we sent Atlassian some cake or some cookies recently… in the past we've also sent cake or pizza when friends are having a bad day… even though we're all in this market, and we're competing against each other… we all rise and fall together, right? https://www.heavybit.com/library/podcasts/the-secure-developer/ep-14-how-slack-stays-secure-during-hyper-growth/ @guypod

  6. Look for ways to 
 Engage Dev in Security @guypod

  7. Include Security in DevOps Shared ownership: 1. Find security tools dev will actually use 2. Look for ways to engage dev in security @guypod

  8. DevOps helps 
 deliver value and adapt to market needs 
 faster and at scale @guypod

  9. 1. Securing DevOps Technologies 2. Security in DevOps Methodologies 3. Include Security in DevOps Shared Ownership @guypod

  10. Security For DevOps Technologies: 1. Adapt existing security tools to new tech 2. Address new security risks new tech introduced @guypod

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Large-scale land investments Current trends and pathways to inclusive and sustainable

Large-scale land investments Current trends and pathways to inclusive and sustainable

Large-scale land investments Current trends and pathways to inclusive and sustainable development Thea Hilhorst, Annelies Zoomers Outline presentation Land: Where, how much Drivers globally and in-country Actors Concerns

592 views • 17 slides
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to Provide Security Monitoring as a Service in Clouds?) Seungwon Shin Guofei Gu SUCCESS Lab SUCCESS Lab Texas A&M University Texas A&M

314 views • 6 slides
Agenda Container Security Concerns Addressing Container Security Security @ SUSE True or False?

Agenda Container Security Concerns Addressing Container Security Security @ SUSE True or False?

Agenda Container Security Concerns Addressing Container Security Security @ SUSE True or False? Containers are inherently insecure. Some Learnings from an Enterprise Study 94%: Containers have security implications 31%: Worried

490 views • 24 slides
OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com) Jaesuk Ahn (jay.ahn@sk.com) Open System Lab Network IT Convergence R&D Center SK Telecom Wil Reichert (wil@solinea.com) Solinea What will

1.26k views • 46 slides
9 th August 2016, Entebbe, Uganda By Rapule Pule, Water Resources Specialist, ORASECOM

9 th August 2016, Entebbe, Uganda By Rapule Pule, Water Resources Specialist, ORASECOM

Workshop on Water Cooperation Quotient and exchange between African and Middle- Eastern experts Water Cooperation Quotient - ORASECOM 9 th August 2016, Entebbe, Uganda By Rapule Pule, Water Resources Specialist, ORASECOM Secretariat

1.75k views • 28 slides
Structure of Presentation Aims. Background to the Presentation. EU Policies

Structure of Presentation Aims. Background to the Presentation. EU Policies

Reconciling Labour mobility and cohesion policies in relation rural areas of the European Union. Philomena de Lima Structure of Presentation Aims. Background to the Presentation. EU Policies cohesion policies (territorial with

521 views • 22 slides
101 How Connecticuts school funding system impacts Waterbury Public Schools and the community

101 How Connecticuts school funding system impacts Waterbury Public Schools and the community

S CHOOL F INANCE 101 How Connecticuts school funding system impacts Waterbury Public Schools and the community Contact Us For questions or comments about the information presented today, please contact us: Katie Roy, Director and Founder

996 views • 75 slides
Nessus Vulnerability Scan for Institutions Hugh Burley, George Jones, Ivor MacKay, and Rossilyne

Nessus Vulnerability Scan for Institutions Hugh Burley, George Jones, Ivor MacKay, and Rossilyne

Conference 2018 Conference 2018 Nessus Vulnerability Scan for Institutions Hugh Burley, George Jones, Ivor MacKay, and Rossilyne Tan Speakers: George Jones, Director, Technology Services and Chief Information Officer Justice Institute of

508 views • 29 slides
Absence and presence of leadership? The experience of early career teachers with school

Absence and presence of leadership? The experience of early career teachers with school

Absence and presence of leadership? The experience of early career teachers with school management with respect to their competence from initial teacher education NERA Copenhagen, March 2017 Associate professor Rachel Jakhelln Associate

449 views • 21 slides
Promotion of Social Cooperatives Definitions, demarcations, regulation and target groups Simel

Promotion of Social Cooperatives Definitions, demarcations, regulation and target groups Simel

Promotion of Social Cooperatives Definitions, demarcations, regulation and target groups Simel Esim COOP Unit ILO March 21, 2018 Ankara, Turkey Outline ILO and cooperatives Definitions and demarkations Relevant policies and points

801 views • 36 slides
Birth Outcomes Initiative Bryan Amick Director of Pharmacy Medicaid Update Agenda Managed

Birth Outcomes Initiative Bryan Amick Director of Pharmacy Medicaid Update Agenda Managed

South Carolina Department of Health and Human Services Birth Outcomes Initiative Bryan Amick Director of Pharmacy Medicaid Update Agenda Managed Care BOI LARCs SBIRT Centering Proviso 33.34 E(2) Next Phase Quick

833 views • 36 slides
2018 Interim Results Solid performance in line with expectations and guidance confirmed 2 August

2018 Interim Results Solid performance in line with expectations and guidance confirmed 2 August

2018 Interim Results Solid performance in line with expectations and guidance confirmed 2 August 2018 0 Disclaimer THIS PRESENTATION IS NOT FOR RELEASE, PUBLICATION OR DISTRIBUTION, IN WHOLE OR IN PART, IN OR INTO THE UNITED STATES OF AMERICA,

620 views • 28 slides
Do Doing ing Bu Busi sine ness ss wi with th UTIC IC 25 July 2018 Agenda Undersea

Do Doing ing Bu Busi sine ness ss wi with th UTIC IC 25 July 2018 Agenda Undersea

Do Doing ing Bu Busi sine ness ss wi with th UTIC IC 25 July 2018 Agenda Undersea Technology Innovation Consortium Overview Other Transaction Agreement 101 Project Solicitation & Proposal Submission Process Overview

923 views • 45 slides
BDT - Spectrum Management and Broadcasting Istvn Bozski Head of Division BDT/IEE/TND ITU

BDT - Spectrum Management and Broadcasting Istvn Bozski Head of Division BDT/IEE/TND ITU

BDT - Spectrum Management and Broadcasting Istvn Bozski Head of Division BDT/IEE/TND ITU Workshop, 14/12/2017, Yerevan 1 Spectrum Management and Broadcasting - summary Spectrum management Spectrum Management Tool for Developing

1.07k views • 73 slides
LARC Distribution by Service Location 2 The location of the LARC insertion can impact the cost to

LARC Distribution by Service Location 2 The location of the LARC insertion can impact the cost to

H.620 An act relating to health insurance and Medicaid coverage for contraceptives 1 3 / 2 5 / 2 0 16 T E S T I M O N Y F R O M M E D I C A I D LARC Distribution by Service Location 2 The location of the LARC insertion can impact the cost

640 views • 6 slides
SAFETSA South African Further Education and Training Student Association Introduction As a

SAFETSA South African Further Education and Training Student Association Introduction As a

Submission to the Presidential commission fee free education SAFETSA South African Further Education and Training Student Association Introduction As a structure SAFETSA was established in 2013 through consensus with already organised Student

1.34k views • 6 slides
1 Financial Summary Results reflect the global downturn in oil & gas markets.

1 Financial Summary Results reflect the global downturn in oil & gas markets.

1 Financial Summary Results reflect the global downturn in oil & gas markets. Annualised cost savings of $41m from workforce reductions c. 25% since December 2014. Impairments to Goodwill and other assets booked in the period

459 views • 27 slides
Examples from a Statewide Training Curriculum Therese Sandomierski & Brooke Curtiss FLPBIS

Examples from a Statewide Training Curriculum Therese Sandomierski & Brooke Curtiss FLPBIS

Centering Equity within Tier 1 PBIS: Examples from a Statewide Training Curriculum Therese Sandomierski & Brooke Curtiss FLPBIS Project, University of South Florida This product was developed by the Florida Positive Behavioral

708 views • 45 slides
General Education Committee Assessment of Designated Courses AC/AE, FW, WI, SA,PI Spring 2009

General Education Committee Assessment of Designated Courses AC/AE, FW, WI, SA,PI Spring 2009

General Education Committee Assessment of Designated Courses AC/AE, FW, WI, SA,PI Spring 2009 Presentation September 24 th , 2009 Dr. Bruce Carl Brydges Office of Institutional Effectiveness Aesthetic Understanding AE/AC Designator

711 views • 50 slides
Facilitating Play Dates for a Child with Special Needs Presented by: Tracey Greenwood, M.A.

Facilitating Play Dates for a Child with Special Needs Presented by: Tracey Greenwood, M.A.

Facilitating Play Dates for a Child with Special Needs Presented by: Tracey Greenwood, M.A. Special Education Consulting Teacher March 6, 2018 Loudoun County Public Schools Tracey.Greenwood@lcps.org (571) 252-1000 1 Facilitating Play Dates

656 views • 39 slides
SYSTEM BASICS 1 Table le of Contents Appointments Personnel Information Salary

SYSTEM BASICS 1 Table le of Contents Appointments Personnel Information Salary

PAYROLL/PERSONNEL SYSTEM BASICS 1 Table le of Contents Appointments Personnel Information Salary Scales Pay Schedules and Types Payroll/Personnel System Personnel Actions Two Types of PPS 2 APPOINTMENTS The first step

1.12k views • 72 slides
n Senior Survey Results o i t u b i r Office of Planning and Institutional Research t s

n Senior Survey Results o i t u b i r Office of Planning and Institutional Research t s

n Senior Survey Results o i t u b i r Office of Planning and Institutional Research t s i D Judith Jaffe r Mitchell Albury o f Xuchen Zhou t o N July 26, 2017 Senior Survey Presentation Introduction Overview n

901 views • 69 slides
A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director

A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director

#RSAC SESSION ID: HUM-R02 A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director Technical Solutions Team Lead CERT National Insider Threat Center CERT National Insider Threat Center Software

784 views • 35 slides
Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz 1 Toni Masteli 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU

683 views • 46 slides

More recommend