the road to rugged
play

The Road to Rugged Shannon Lietz Who I am 25+ years Technology and - PowerPoint PPT Presentation

Jun 10, 2023 •422 likes •652 views

The Road to Rugged Shannon Lietz Who I am 25+ years Technology and Security Experience Most of my career has been about being Rugged! Background in Security R&D Working with the Cloud before it was called the Cloud --

  1. The Road to Rugged Shannon Lietz

  3. Who I am • 25+ years Technology and Security Experience • Most of my career has been about being Rugged! • Background in Security R&D • Working with the Cloud before it was called the “Cloud” -- FOUNDER -- • Manage my teams using DevOps and Scrum • IR & Crisis Management

  4. Disclaimer • Mistakes happen • The truth may be difficult to bear • Unknown unknowns will get discovered • Success means less 3am phone calls • Security is a broad topic • Rugged takes practice

  5. Why is Rugged Important? • Case for change is very compelling! • Planning != Good Code, Less Security Breaches • Perfection takes too long to get wrong No one enjoys getting woken up to solve for someone else’s mistakes, especially security breaches!!

  6. This isn’t rugged or helpful… Double-click Click "Next" Click "Next" • • • installer Security UBERSECRET Click "Next" Click "Next" • • Configuration Click "Next" • • Click "Next" • Enter credentials Procedures V 3.6.0.1.1, • Click "Next" Click "Next" Click "Next" • • January 2011 Click "Next" • Click "Next" Click "Finish" • • Click "Next" • • Click "Next" • Click "Next" • Click "Next" • Click "Next" Click "Next" • Click "Next" • Page 3 of 267 Click "Next" • Frozen in Time

  7. And this just creates friction… ? YOUR YOU CUSTOMER Hopefully it’s Why does it take not going to be so long for another round of features? “No’s”… CISO

  8. Which makes everyone… Bang Head Here

  9. But - What if Security can be 
 Rugged? DevSec Ops Security Engineering Security Operations Compliance Security Science Operations Experiment, Hunt, Detect, Respond, Manage, Learn, Measure, Automate, Test Contain Train Forecast

  10. Let’s Get Rugged!!! Problem Statement DevOps requires continuous Deployments • • Fast decision making is critical to DevOps success Traditional Security just doesn’t scale or move fast enough… • Welcome DevSecOps!! Customer focused Mindset • Scale, Scale, Scale • • Objective Criteria Proactive Hunting • Continuous Detection & Response •

  11. What if Security were no 
 longer just theory?

  12. What if you could check 
 Security via API? Or Self-Service? • begin • (iam.client.list_role_policies(:role_name => role)[:policy_names]\ • - roledb.list_policies(role)).each do |policy| • log.warn("Deleting Policy \"#{policy}\", which is not part of the approved baseline.") • if policydiff("{}", Account Grade: • URI.decode(iam.client.get_role_policy(\ • :role_name => role, B • :policy_name => policy • )[:policy_document]), • {:argv => ARGV, :diff => options.diff}) • end • options.dryrun ? nil : \ • iam.client.delete_role_policy( • :role_name => role, • :policy_name => policy Heal Account? • ) • end

  13. Sign me up! What’s next? Ops AppSec • Security as Code Dev Sec • Self-Service Testing • Red Team/Blue Team Security Science Engineer • Inline Enforcement Security • Analytics & Insights ing Complian • Detect & Contain Operatio N Operatio NEW Security E W ce • Incident Response ns ns • Investigations • Forensics NEW

  14. Migrate App Security into 
 DevOps Teams • Planning Security • Testing Features for Secure Components Security Defects Scanners • Integrating Security Testing into CICD Instrumentation • Remediating Security Issues

  15. Red Team Via 
 Security Engineering • #RedTeamMonday • Developing Secure Code Components • Reverse Engineering & Exploits • Increased Education • Mass Reconnaissance • Scoring & Prioritization

  16. Enforce in Real-time with 
 Compliance Operations • Metrics & Reporting • Discover Compliance Issues in Real-time • Improve maturity of controls • Prepare for Security Operations & Red Team

  17. Blue Team via 
 Security Operations • Detect & Contain • Research Red Team Events • Keep Track of Threat Intel • Develop Monitoring & Alerting • Triage Events • Perform Forensics

  18. Data is Critical threat intel AWS accounts EC2 CloudTrail insights S3 ingestion security security science Glacier tools & data

  19. Emerging Security Trends • Shortage of Security Professionals • Big companies are attempting to scale security to move faster: Facebook, Netflix, LinkedIn, AWS, Intuit • Industry Leaders talking about the integration of DevOps & Security: Joe Sullivan, Jason Chan, Gene Kim, Josh Corman • Introduction of DevSecOps at MIRCon in 2014 • SecDevOps at RSA 2015 was full day of dedicated content • LinkedIn People Search: 36 DevSecOps, 13 SecDevOps, 11 DevOpsSec, 33k+ Cloud Security

  21. Thanks !

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is Rugged All About? Faster/Safer w/ Rugged DevOps Joshua Corman @joshcorman Rugged Software

What is Rugged All About? Faster/Safer w/ Rugged DevOps Joshua Corman @joshcorman Rugged Software

What is Rugged All About? Faster/Safer w/ Rugged DevOps Joshua Corman @joshcorman Rugged Software @RuggedSoftware ~ Marc Andreessen 2011 10/23/2013 6 @joshcorman 7 Trade Offs Costs & Benefits 10/23/2013 8 @joshcorman

1.03k views • 78 slides
What is Rugged all about? Matt Konda He would want me to tell you Software is eating

What is Rugged all about? Matt Konda He would want me to tell you Software is eating

What is Rugged all about? Matt Konda He would want me to tell you Software is eating the world. DevOps and Security is a rare opportunity. Makes security positive, cultural+ Show the Rugged Manifesto Honey Badger =

1.74k views • 124 slides
Investor Overview february 2014 1 a global leader and innovator in rugged tablet PCs for

Investor Overview february 2014 1 a global leader and innovator in rugged tablet PCs for

Investor Overview february 2014 1 a global leader and innovator in rugged tablet PCs for over fifteen years developers developers of the of the most rugged tablets in the market 2 Notice: This Presentation (the

512 views • 22 slides
The Great Depression Outcome: Herbert Hoover and Rugged Individualism

The Great Depression Outcome: Herbert Hoover and Rugged Individualism

The Great Depression Outcome: Herbert Hoover and Rugged Individualism Herbert Hoover & Rugged Individualism 1. Presidency a. Won big in election of 1928

259 views • 11 slides
LITTLE LIVERPOOL RANGE From out that rough and rugged range a lofty peak arose, with

LITTLE LIVERPOOL RANGE From out that rough and rugged range a lofty peak arose, with

LITTLE LIVERPOOL RANGE From out that rough and rugged range a lofty peak arose, with buttressed base and spreading spurs, in stately calm repose. Why is the range important? Wildlife corridor Home to threatened species Balancing

576 views • 20 slides
Mediterranean Sea Rugged, Irregular Coastlinegreat for Pick ONE. Slides or Fill ins?

Mediterranean Sea Rugged, Irregular Coastlinegreat for Pick ONE. Slides or Fill ins?

5/30/2017 Mediterranean Sea Rugged, Irregular Coastlinegreat for Pick ONE. Slides or Fill ins? trade & travel Connects Europe, Asia, Africa Review Checkpoint #1 is today. I will be taking your folder. Europe Part 1 Review

437 views • 9 slides
Introducing the ALGIZ RT8 Ultra-rugged efficiency ALGIZ RT8 Key features Mobility first

Introducing the ALGIZ RT8 Ultra-rugged efficiency ALGIZ RT8 Key features Mobility first

Introducing the ALGIZ RT8 Ultra-rugged efficiency ALGIZ RT8 Key features Mobility first Real-world capabilities Outdoor ruggedness Accessories for efficiency Advanced software layer ALGIZ RT8 Small profile, big impact

189 views • 17 slides
SCORPION B SCAN CRAWLER What is the Scorpion B Scan Crawler? The Scorpion is a rugged

SCORPION B SCAN CRAWLER What is the Scorpion B Scan Crawler? The Scorpion is a rugged

SCORPION B SCAN CRAWLER What is the Scorpion B Scan Crawler? The Scorpion is a rugged remote access ultrasonic crawler designed to allow cost Effective A and B-scan imaging on above ground ferro-magnetic structures without the need for

387 views • 3 slides
Season What is NMU SAE Baja? NMU SAE Baja is: Engineering Manufacturing Marketing

Season What is NMU SAE Baja? NMU SAE Baja is: Engineering Manufacturing Marketing

2012-2013 Season What is NMU SAE Baja? NMU SAE Baja is: Engineering Manufacturing Marketing Accounting Organization The Objective Each teams goal is to build a prototype of a rugged, single seat, off-road vehicle

476 views • 10 slides
Even Faster: How Rugged DevOps & SW Supply Chains Attack Developer Waste Josh Corman

Even Faster: How Rugged DevOps & SW Supply Chains Attack Developer Waste Josh Corman

Even Faster: How Rugged DevOps & SW Supply Chains Attack Developer Waste Josh Corman @joshcorman @joshcorman Conclusions / Apply! Idea: A full embrace of Deming is a SW Supply Chain: Fewer/Better Suppliers Highest Quality Supply

832 views • 64 slides
THE ORIGINS OF CAMP VIEW ROAD The road meets Sutton Road and Cambridge Road at a small three-way

THE ORIGINS OF CAMP VIEW ROAD The road meets Sutton Road and Cambridge Road at a small three-way

A History of Camp View Road Below is text extracted from the second Right Up My Street project presented by Romayne Hutchison and Anne Marie Kelly to Fleetville Diaries members in October 2017. THE ORIGINS OF CAMP VIEW ROAD The road

82 views • 7 slides
What is a road vehicle? Road & Non-road vehicles in the RVSA The Meaning of Road

What is a road vehicle? Road & Non-road vehicles in the RVSA The Meaning of Road

What is a road vehicle? Road & Non-road vehicles in the RVSA The Meaning of Road Vehicle Road Vehicle Standards Act 2018 (RVSA) defines a Road Vehicle as any of the following a) A motor vehicle designed solely or

1.09k views • 13 slides
ACROMAG S SMALL FORM FACTOR RUGGED SOLUTION

ACROMAG S SMALL FORM FACTOR RUGGED SOLUTION

ACROMAG S SMALL FORM FACTOR RUGGED SOLUTION www.acromag.com 248-624-1541 www.acromag.com 248-624-1541

814 views • 26 slides
Municipal Class Environmental Assessments Mayfield Road PIC # 1 Chinguacousy Road to Winston

Municipal Class Environmental Assessments Mayfield Road PIC # 1 Chinguacousy Road to Winston

Municipal Class Environmental Assessments Mayfield Road PIC # 1 Chinguacousy Road to Winston Churchill Boulevard Planning & Policy Context Material Mayfield Road PIC # 2 Heart Lake Road to Chinguacousy Road Strategic Plan and Term of

665 views • 8 slides
Pouley Road Rustic Road Designation Pouley Road Rustic Road Designation Process From March 2006 to

Pouley Road Rustic Road Designation Pouley Road Rustic Road Designation Process From March 2006 to

Pouley Road Rustic Road Designation Pouley Road Rustic Road Designation Process From March 2006 to September2014 State Law required Village to annex to the far side of Application of Pouley Pouley Rd. resulting in the Road as a Rustic

361 views • 3 slides
VULNERABLE ROAD USERS (VRU) AND THE VULNERABILITY OF ROAD SAFETY PERFORMANCE What are the

VULNERABLE ROAD USERS (VRU) AND THE VULNERABILITY OF ROAD SAFETY PERFORMANCE What are the

VULNERABLE ROAD USERS (VRU) AND THE VULNERABILITY OF ROAD SAFETY PERFORMANCE What are the low-hanging fruits for Low and Middle Income Countries (LMIC)? PROFESSOR DR. AHMAD FARHAN MOHD SADULLAH UNIVERSITI SAINS MALAYSIA Safer Road by

1.58k views • 45 slides
Care Programs: Anticipating Program Challenges and Identifying Solutions Brynn Bowman, MPA CAPC

Care Programs: Anticipating Program Challenges and Identifying Solutions Brynn Bowman, MPA CAPC

A Road Map for Home-Based Palliative Care Programs: Anticipating Program Challenges and Identifying Solutions Brynn Bowman, MPA CAPC Jeanne Twohig, MPA CAPC Consultant Donna Stevens, MHA Lehigh Valley Health Network June 20, 2018 Join us

460 views • 29 slides
Report to the Drucker Forum November 6, 2015 www.scrumalliance.org

Report to the Drucker Forum November 6, 2015 www.scrumalliance.org

Report to the Drucker Forum November 6, 2015 www.scrumalliance.org learningconsortium@scrumalliance.org The Learning Consortium for the Creative Economy Ericsson Menlo Innovations Microsoft Riot Games CH Robinson Magna International

1.24k views • 77 slides
Using Rust on RIOT OS Christian M. Ams uss <ca@etonomy.org> 2019-09-05 RIOT Summit,

Using Rust on RIOT OS Christian M. Ams uss <ca@etonomy.org> 2019-09-05 RIOT Summit,

Using Rust on RIOT OS Christian M. Ams uss <ca@etonomy.org> 2019-09-05 RIOT Summit, Helsinki Outline The Rust language and ecosystem Rust on embedded systems Rust on RIOT Simple things: functions and variables fn

804 views • 24 slides
spectacular but totally different? This man did. His name is Charles Austin Miles. He started

spectacular but totally different? This man did. His name is Charles Austin Miles. He started

Ever start out doing one thing and end up in Gods hands doing something spectacular but totally different? This man did. His name is Charles Austin Miles. He started out wanting to be a pharmacist (work at a drug store making medicines for

373 views • 23 slides
Can the Chicken Cross the Road? A cyber physical system by Eugene Choi and Bohan LI Why study

Can the Chicken Cross the Road? A cyber physical system by Eugene Choi and Bohan LI Why study

Can the Chicken Cross the Road? A cyber physical system by Eugene Choi and Bohan LI Why study this problem? Real world applications Avoiding obstacles with predetermined paths Drone flying in airspace with commercial airlines

261 views • 9 slides
Night life and road safety: a comparison of 7 Italian cities Giovanni Luca Ciampaglia WARNING:

Night life and road safety: a comparison of 7 Italian cities Giovanni Luca Ciampaglia WARNING:

Night life and road safety: a comparison of 7 Italian cities Giovanni Luca Ciampaglia WARNING: NO networks in this talk! Genesis TBDC 15: The data 7 major Italian cities: (Rome, Naples, Milan, Turin, Venice, Bari, Palermo) North to

577 views • 23 slides
Stat 8931 (Aster Models) Lecture Slides Deck 7 Charles J. Geyer School of Statistics University

Stat 8931 (Aster Models) Lecture Slides Deck 7 Charles J. Geyer School of Statistics University

Stat 8931 (Aster Models) Lecture Slides Deck 7 Charles J. Geyer School of Statistics University of Minnesota June 7, 2015 Simulation What cannot be done by theory can be done by brute force and ignorance. If you can simulate a probability

972 views • 69 slides
Requirements and Framework of VPN-oriented Data Center Services

Requirements and Framework of VPN-oriented Data Center Services

Requirements and Framework of VPN-oriented Data Center Services http://datatracker.ietf.org/doc/draft-so-vdcs/ Ning So ning.so@verizonbusiness.com Paul Unbehagen paul.unbehagen@alcatel-lucent.com Linda.dunbar@huawei.com Linda Dunbar

386 views • 9 slides

More recommend