qa devsecops
play

QA DevSecOps Leading a Quality-Driven DevOps Transformation Stacy - PDF document

Nov 11, 2022 •173 likes •337 views

10/2/19 QA DevSecOps Leading a Quality-Driven DevOps Transformation Stacy Kirk CEO, QualityWorks Consulting Group Old School Power of a Tester Being Excuse to be Nosy in all meetings Go-No-Go Paid to Keep it Real 1 10/2/19

  1. 10/2/19 ¡ ¡ QA DevSecOps Leading a Quality-Driven DevOps Transformation Stacy Kirk CEO, QualityWorks Consulting Group Old School Power of a Tester Being Excuse to be Nosy in all meetings Go-No-Go Paid to Keep it Real 1

  2. 10/2/19 ¡ ¡ SEC QA D EV OPS TEST Why DevSecOps over DevTestOps? @BrehoneMiller ... Security is seen as a high priority with all of the recent breaches (but without the quality, you just have secure crap). @queenofcode - Bob Dobbs Testing is what happens at every step, Testing is notoriously 'unsexy' in including defining the value we think appearance compared to security. Why? we might want to develop. People add I don't know - imo you can't have one things between Dev and Ops because without the other. I blame Hackers - David Clarke they think Dev is coding and Ops is (the movie). ...testing has already been support. Dev is building the product. Ops incorporated within the DevOps fold... is using it. Saying that testing is part of development is not contentious. But telling Devs that they are responsible for the security of their code is still contentious. 2

  3. 10/2/19 DevOps = Quality @ Speed It’s a Movement for Quality DevSecOps = Secure Quality @ Speed A QUALITY MOVEMENT REQUIRES CHAMPIONS Heroes Champion : A person who fights or argues for a cause or on behalf of someone else. Hero : A person of great strength and ability who carries out extraordinary deeds of bravery. 3

  4. 10/2/19 IDENTIFY YOUR HERO Diversity of Perspective Builds Great Products Understand Your Villains 4

  5. 10/2/19 Tools & Technologies 5

  6. 10/2/19 Characteristics of Iron Man Innovator Automator Tooler Problem Solver Creative Visionary TOOLS VILLAINS Lack of Trust Limited Resources Overtooling • Start small and show • Not every problem • Measure Value value requires a technical • Don’t let speed impact solution • Iteratively improve stability and the quality • Start with training and of your tools process improvement 6

  7. 10/2/19 Disciplined Practicer 7

  8. 10/2/19 Disciplined Practicer Continuous Learner Continuous Experimenter Data Driven Analyst Passionate Transparency Fails Fast Process & Discipline Villains No Room for Apathy Experimentation Fear of Failure 8

  9. 10/2/19 People & Culture 9

  10. 10/2/19 People & Culture Includer Communicator Empathizer Diplomat Gets to the Truth Trusted Collaborator Protector People & Culture Villains Doesn’t Want Change Fear and Sabotage Won’t Collaborate Transformation fails due to a lack of believers 10

  11. 10/2/19 How can you be a hero when... QUALITY IS EVERYBODY’S RESPONSIBILITY? QUALITY-DRIVEN DEVSECOPS Six Steps to QA-led DevSecOps 2 3 4 6 1 5 QA Security Operations Development User Story Measures 11

  12. 10/2/19 Step 1: Partner with Product Quality-Driven DevSecOps HULK of WONDER OF CULTURE PROCESS IRONMAN INNOVATOR Measure Quality from the Automated Acceptance Pair on Acceptance Criteria/ Customer’s Perspective Criteria Must Happen by End Promote ATDD of Sprint Step 2: Aid ScrumMaster Quality-Driven DevSecOps HULK of WONDER OF CULTURE PROCESS IRONMAN INNOVATOR Don’t let retros become Identify ways to better use Leverage metrics to reduce monotonous. It’s our process collaborative software cultural resistance bug hunt. 12

  13. 10/2/19 Step 3: Guide Quality-Driven Development Quality-Driven DevSecOps WONDER OF HULK of CULTURE PROCESS IRONMAN INNOVATOR Pair and Co-locate to Build Define, explain, and Write unit tests starter Rapid Feedback Loops validate Quality Gates for code, create and share Pipeline mock services Build Trust with Pre-Testing over Bug-Tracking Step 4: Include Security Quality-Driven DevSecOps HULK of WONDER OF CULTURE PROCESS IRONMAN INNOVATOR Don’t let the teams forget Iterate on the Definition of Done Add scripts that can validate about the voice of security to include more Definitions of security into the automation Secure suite Baby Steps over All or Nothing 13

  14. 10/2/19 Step 5: Empathize with Operations Quality-Driven DevSecOps HULK of WONDER OF CULTURE PROCESS IRONMAN INNOVATOR Leverage Test Automation to Pull Data/Conduct Analysis in Pair to solve Operational Create Operational Monitoring Production Issues Tools Integrate feedback into Best Show integration of Lessons Make Dashboards Visible Practices/Retros Learned Cross-Team Step 6: Ignite More Heroes for Quality Quality-Driven DevSecOps WONDER OF HULK of CULTURE PROCESS IRONMAN INNOVATOR Define impactful roles for Believe, protect, and those who are not Mentor, share, and eliminate doubt. collaborate of tool and automaters. automation development Drive Communities of Shift-Left Strategies to Practice (CoP) reduce mini-waterfall 14

  15. 10/2/19 There are heroes among us. Not to make us feel smaller. To remind us what makes us great. - LOIS LANE 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wabi-Sabi Your DevSecOps Presented by: Brittany

Wabi-Sabi Your DevSecOps Presented by: Brittany

AW6 DevOps Automation Wednesday, November 6th, 2019 10:30 AM Wabi-Sabi Your DevSecOps Presented by: Brittany Greenfield Wabbi

490 views • 25 slides
DevSecOps An Implementation Strategy With a Focus on Cultural Implications 6 th Annual COV

DevSecOps An Implementation Strategy With a Focus on Cultural Implications 6 th Annual COV

DevSecOps An Implementation Strategy With a Focus on Cultural Implications 6 th Annual COV Information Security Conference Richmond, Virginia April 12, 2019 Presenters Eddie McAndrew Barry Davis COO CISSO AIS Network Virginia Dept. of

566 views • 40 slides
Securing Software Supply Chains Why 3 Days Might Be Your New Normal for DevSecOps Cameron

Securing Software Supply Chains Why 3 Days Might Be Your New Normal for DevSecOps Cameron

Securing Software Supply Chains Why 3 Days Might Be Your New Normal for DevSecOps Cameron Townshend Solution Architect, APJ, Sonatype Since 2000, 52% of Fortune 500 have been replaced. Established business leaders are also under attack

515 views • 47 slides
Jumpstarting Your DevSECOps Pipeline with IAST and RASP Jeff Williams @planetlevel CTO and

Jumpstarting Your DevSECOps Pipeline with IAST and RASP Jeff Williams @planetlevel CTO and

Jumpstarting Your DevSECOps Pipeline with IAST and RASP Jeff Williams @planetlevel CTO and Co-FOUNDER Contrast Security The Average 26.7 Vulnerabilities application is extremely 21% CustomCode vulnerable 8% USED Libraries 2

598 views • 37 slides
You Build It, You Secure It ( Introduction to DevSecOps ) John Willis @botchagalupe

You Build It, You Secure It ( Introduction to DevSecOps ) John Willis @botchagalupe

You Build It, You Secure It ( Introduction to DevSecOps ) John Willis @botchagalupe https://github.com/botchagalupe/my-presentations Devops is about Humans Devops is a set of practices and patterns that turn human capital into high

600 views • 49 slides
AD39 - Making the Jump from DevOps to DevSecOps

AD39 - Making the Jump from DevOps to DevSecOps

AD39 DevOps Engineering 11:30 AM AD39 - Making the Jump from DevOps to DevSecOps Presented by: Alan Crouch

781 views • 42 slides
Is there room for SecArch in DevSecOps? (or can old dogs perform new tricks?) Dimitrios

Is there room for SecArch in DevSecOps? (or can old dogs perform new tricks?) Dimitrios

Is there room for SecArch in DevSecOps? (or can old dogs perform new tricks?) Dimitrios Petropoulos 26 April 2018 $ cut -f5 -d: /etc/passwd | grep -i petropoulos Dimitrios Petropoulos Cryptographer by education (nobodys perfect)

543 views • 18 slides
The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help

The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help

The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help make compliance secure Fen Labalme TOC How did I get here What is CivicActions What is compliance Making compliance fun Culture

1.24k views • 89 slides
How to use hacker personas to successfully build DevSecOps Pipeline Robin Yeman

How to use hacker personas to successfully build DevSecOps Pipeline Robin Yeman

How to use hacker personas to successfully build DevSecOps Pipeline Robin Yeman Lockheed Martin Sr. Fellow Lockheed Martin twitter @robinyeman Agenda DevOps and Pipeline Securing the pipeline Apply the

863 views • 26 slides
About Me CEO & Co-Founder at Snyk Find & Fix vulnerabilities in open source

About Me CEO & Co-Founder at Snyk Find & Fix vulnerabilities in open source

The Three Faces of DevSecOps Guy Podjarny (@guypod) @guypod About Me CEO & Co-Founder at Snyk Find & Fix vulnerabilities in open source dependencies! Founder @Blaze, CTO @Akamai Security work since 1997 DevOps

1.29k views • 107 slides
The Cloud Migration Playbook Part 1: A Simple Primer To Complexity Who Am I? Background Web

The Cloud Migration Playbook Part 1: A Simple Primer To Complexity Who Am I? Background Web

The Cloud Migration Playbook Part 1: A Simple Primer To Complexity Who Am I? Background Web Application Developer DevOps => DevSecOps InfoSec/Penetration Tester OWASP Hawaii Chapter Lead AWS Certifications AWS SysOps Associate AWS

520 views • 35 slides
Do Containers Enhance Application Level Security? Benjy Portnoy, CISA, CISSP # whoami

Do Containers Enhance Application Level Security? Benjy Portnoy, CISA, CISSP # whoami

Do Containers Enhance Application Level Security? Benjy Portnoy, CISA, CISSP # whoami BlueCoat-> Symantec Director, DevSecOps @AquaSecTeam I know, Ill use Ruby on Rails! * Thanks To Jim Brickman@gruntwork.io > gem install rails

960 views • 53 slides
How to Manage Risk of Your Polyglot Environments Manage Risk: Polyglot Environments Presenters

How to Manage Risk of Your Polyglot Environments Manage Risk: Polyglot Environments Presenters

How to Manage Risk of Your Polyglot Environments Manage Risk: Polyglot Environments Presenters Jeff Rouse , VP Product, ActiveState Pete Garcin , Senior Product Manager, ActiveState Larry Maccherone, Head of DevSecOps Transformation,

711 views • 42 slides
Interplay 2015 Proposal Frances Rowsell Alex Stone Strategy How we will tackle the problem

Interplay 2015 Proposal Frances Rowsell Alex Stone Strategy How we will tackle the problem

Interplay 2015 Proposal Frances Rowsell Alex Stone Strategy How we will tackle the problem Some initial challenges Only two of us - third group member left the course Difgerent work schedules - not much time to meet for collaborative

368 views • 10 slides
Thirteen Patterns of Testers Thriving in Agile Teams Presented by: Shaun Bradshaw Zenergy

Thirteen Patterns of Testers Thriving in Agile Teams Presented by: Shaun Bradshaw Zenergy

W5 Agile Testing Wednesday, May 2nd, 2018 11:30 AM Thirteen Patterns of Testers Thriving in Agile Teams Presented by: Shaun Bradshaw Zenergy Technologies, Inc Brought to you by: 350 Corporate Way, Suite 400, Orange Park, FL 32073 888 --- 268

368 views • 15 slides
Training and Learning Training and Learning Guidelines Guidelines ILO Crisis Response :

Training and Learning Training and Learning Guidelines Guidelines ILO Crisis Response :

SESSION Training and Learning Guidelines XVI 1 Training and Learning Training and Learning Guidelines Guidelines ILO Crisis Response : Trainers Guide InFocus Programme on Crisis Response and Reconstruction IFP/CRISIS SESSION Training

332 views • 19 slides
UC Berkeley School of Information MIMS 2014 Image Source: Breyer Law O ff ices T H E T E A M

UC Berkeley School of Information MIMS 2014 Image Source: Breyer Law O ff ices T H E T E A M

UC Berkeley School of Information MIMS 2014 Image Source: Breyer Law O ff ices T H E T E A M Luis Aguilar Deb Linton Kate Rushton Raymon Sutedjo-The BACK-END ENGINEER RESEARCHER FRONT-END ENGINEER & MANAGER DESIGNER Coye Cheshire

890 views • 41 slides
Salud America! Creating & Using Salud Report Cards to Impact Community Health Rosalie

Salud America! Creating & Using Salud Report Cards to Impact Community Health Rosalie

Salud America! Creating & Using Salud Report Cards to Impact Community Health Rosalie Aguilar Project Coordinator Institute for Health Promotion Research UT Health San Antonio Program Team: Amelie G. Ramirez DrPH, Kip Gallion (Deputy

853 views • 21 slides
FVAP Update Technical Guidelines Development Committee Technical Guidelines Development Committee

FVAP Update Technical Guidelines Development Committee Technical Guidelines Development Committee

FVAP Update Technical Guidelines Development Committee Technical Guidelines Development Committee NIST-EAC Dec 15 th 2011 th Demonstration and Pilot Projects DoD required by law to conduct electronic absentee voting demonstration project

623 views • 20 slides
Connecting, supporting, honoring, and serving our modern military families Navigating Employment

Connecting, supporting, honoring, and serving our modern military families Navigating Employment

Connecting, supporting, honoring, and serving our modern military families Navigating Employment Resources Introductions Erin Voirol, e_voirol@msccn.org Execu5ve Director, Military Spouse Corporate

585 views • 31 slides
Exam Ready Evening Year 11 2018 Mrs A Mills - Assistant Headteacher Progress Leader for years 10

Exam Ready Evening Year 11 2018 Mrs A Mills - Assistant Headteacher Progress Leader for years 10

Exam Ready Evening Year 11 2018 Mrs A Mills - Assistant Headteacher Progress Leader for years 10 and 11 Revision Techniques Mrs A Mills - Progress Leader for Years 10-11 What are we doing in school? Why do we encourage revision? To

1.12k views • 70 slides
Civil War - Points of Conflict Missouri (Maine) Compromise (1820) proslavery in the early 1800s,

Civil War - Points of Conflict Missouri (Maine) Compromise (1820) proslavery in the early 1800s,

Civil War - Points of Conflict Missouri (Maine) Compromise (1820) proslavery in the early 1800s, tensions began to rise between ____________________ and anti-slavery ____________________ groups across the country ! 11 11 by 1819 there were

89 views • 5 slides
Asiasoft Corporation PLC. (AS) Opportunity Day FY 2014 11 March 2015 1 Disclaimer The information

Asiasoft Corporation PLC. (AS) Opportunity Day FY 2014 11 March 2015 1 Disclaimer The information

Asiasoft Corporation PLC. (AS) Opportunity Day FY 2014 11 March 2015 1 Disclaimer The information contained in this presentation is for information purposes only and does not constitute an offer or invitation to sell or the solicitation of an

962 views • 50 slides
National Monograph Strategy London 16 th July Ben Showers, Jisc 2014 Be Ben n Sh Shower ers

National Monograph Strategy London 16 th July Ben Showers, Jisc 2014 Be Ben n Sh Shower ers

National Monograph Strategy London 16 th July Ben Showers, Jisc 2014 Be Ben n Sh Shower ers Head of Scholarly and Library Futures b.showers@jisc.ac.uk @benshowers Aim To situate CCM and its potential development in relation to other

853 views • 31 slides

More recommend