the road to rugged
play

The Road to Rugged Shannon Lietz Who I am 25+ years Technology and - PowerPoint PPT Presentation

Jun 10, 2023 •422 likes •652 views

The Road to Rugged Shannon Lietz Who I am 25+ years Technology and Security Experience Most of my career has been about being Rugged! Background in Security R&D Working with the Cloud before it was called the Cloud --

  1. The Road to Rugged Shannon Lietz

  3. Who I am • 25+ years Technology and Security Experience • Most of my career has been about being Rugged! • Background in Security R&D • Working with the Cloud before it was called the “Cloud” -- FOUNDER -- • Manage my teams using DevOps and Scrum • IR & Crisis Management

  4. Disclaimer • Mistakes happen • The truth may be difficult to bear • Unknown unknowns will get discovered • Success means less 3am phone calls • Security is a broad topic • Rugged takes practice

  5. Why is Rugged Important? • Case for change is very compelling! • Planning != Good Code, Less Security Breaches • Perfection takes too long to get wrong No one enjoys getting woken up to solve for someone else’s mistakes, especially security breaches!!

  6. This isn’t rugged or helpful… Double-click Click "Next" Click "Next" • • • installer Security UBERSECRET Click "Next" Click "Next" • • Configuration Click "Next" • • Click "Next" • Enter credentials Procedures V 3.6.0.1.1, • Click "Next" Click "Next" Click "Next" • • January 2011 Click "Next" • Click "Next" Click "Finish" • • Click "Next" • • Click "Next" • Click "Next" • Click "Next" • Click "Next" Click "Next" • Click "Next" • Page 3 of 267 Click "Next" • Frozen in Time

  7. And this just creates friction… ? YOUR YOU CUSTOMER Hopefully it’s Why does it take not going to be so long for another round of features? “No’s”… CISO

  8. Which makes everyone… Bang Head Here

  9. But - What if Security can be 
 Rugged? DevSec Ops Security Engineering Security Operations Compliance Security Science Operations Experiment, Hunt, Detect, Respond, Manage, Learn, Measure, Automate, Test Contain Train Forecast

  10. Let’s Get Rugged!!! Problem Statement DevOps requires continuous Deployments • • Fast decision making is critical to DevOps success Traditional Security just doesn’t scale or move fast enough… • Welcome DevSecOps!! Customer focused Mindset • Scale, Scale, Scale • • Objective Criteria Proactive Hunting • Continuous Detection & Response •

  11. What if Security were no 
 longer just theory?

  12. What if you could check 
 Security via API? Or Self-Service? • begin • (iam.client.list_role_policies(:role_name => role)[:policy_names]\ • - roledb.list_policies(role)).each do |policy| • log.warn("Deleting Policy \"#{policy}\", which is not part of the approved baseline.") • if policydiff("{}", Account Grade: • URI.decode(iam.client.get_role_policy(\ • :role_name => role, B • :policy_name => policy • )[:policy_document]), • {:argv => ARGV, :diff => options.diff}) • end • options.dryrun ? nil : \ • iam.client.delete_role_policy( • :role_name => role, • :policy_name => policy Heal Account? • ) • end

  13. Sign me up! What’s next? Ops AppSec • Security as Code Dev Sec • Self-Service Testing • Red Team/Blue Team Security Science Engineer • Inline Enforcement Security • Analytics & Insights ing Complian • Detect & Contain Operatio N Operatio NEW Security E W ce • Incident Response ns ns • Investigations • Forensics NEW

  14. Migrate App Security into 
 DevOps Teams • Planning Security • Testing Features for Secure Components Security Defects Scanners • Integrating Security Testing into CICD Instrumentation • Remediating Security Issues

  15. Red Team Via 
 Security Engineering • #RedTeamMonday • Developing Secure Code Components • Reverse Engineering & Exploits • Increased Education • Mass Reconnaissance • Scoring & Prioritization

  16. Enforce in Real-time with 
 Compliance Operations • Metrics & Reporting • Discover Compliance Issues in Real-time • Improve maturity of controls • Prepare for Security Operations & Red Team

  17. Blue Team via 
 Security Operations • Detect & Contain • Research Red Team Events • Keep Track of Threat Intel • Develop Monitoring & Alerting • Triage Events • Perform Forensics

  18. Data is Critical threat intel AWS accounts EC2 CloudTrail insights S3 ingestion security security science Glacier tools & data

  19. Emerging Security Trends • Shortage of Security Professionals • Big companies are attempting to scale security to move faster: Facebook, Netflix, LinkedIn, AWS, Intuit • Industry Leaders talking about the integration of DevOps & Security: Joe Sullivan, Jason Chan, Gene Kim, Josh Corman • Introduction of DevSecOps at MIRCon in 2014 • SecDevOps at RSA 2015 was full day of dedicated content • LinkedIn People Search: 36 DevSecOps, 13 SecDevOps, 11 DevOpsSec, 33k+ Cloud Security

  21. Thanks !

Recommend

What is Rugged All About? Faster/Safer w/ Rugged DevOps Joshua Corman @joshcorman Rugged Software

What is Rugged All About? Faster/Safer w/ Rugged DevOps Joshua Corman @joshcorman Rugged Software

What is Rugged All About? Faster/Safer w/ Rugged DevOps Joshua Corman @joshcorman Rugged Software @RuggedSoftware ~ Marc Andreessen 2011 10/23/2013 6 @joshcorman 7 Trade Offs Costs & Benefits 10/23/2013 8 @joshcorman

1.03k views • 78 slides
What is Rugged all about? Matt Konda He would want me to tell you Software is eating

What is Rugged all about? Matt Konda He would want me to tell you Software is eating

What is Rugged all about? Matt Konda He would want me to tell you Software is eating the world. DevOps and Security is a rare opportunity. Makes security positive, cultural+ Show the Rugged Manifesto Honey Badger =

1.74k views • 124 slides
Investor Overview february 2014 1 a global leader and innovator in rugged tablet PCs for

Investor Overview february 2014 1 a global leader and innovator in rugged tablet PCs for

Investor Overview february 2014 1 a global leader and innovator in rugged tablet PCs for over fifteen years developers developers of the of the most rugged tablets in the market 2 Notice: This Presentation (the

512 views • 22 slides
The Great Depression Outcome: Herbert Hoover and Rugged Individualism

The Great Depression Outcome: Herbert Hoover and Rugged Individualism

The Great Depression Outcome: Herbert Hoover and Rugged Individualism Herbert Hoover & Rugged Individualism 1. Presidency a. Won big in election of 1928

259 views • 11 slides
LITTLE LIVERPOOL RANGE From out that rough and rugged range a lofty peak arose, with

LITTLE LIVERPOOL RANGE From out that rough and rugged range a lofty peak arose, with

LITTLE LIVERPOOL RANGE From out that rough and rugged range a lofty peak arose, with buttressed base and spreading spurs, in stately calm repose. Why is the range important? Wildlife corridor Home to threatened species Balancing

576 views • 20 slides
Mediterranean Sea Rugged, Irregular Coastlinegreat for Pick ONE. Slides or Fill ins?

Mediterranean Sea Rugged, Irregular Coastlinegreat for Pick ONE. Slides or Fill ins?

5/30/2017 Mediterranean Sea Rugged, Irregular Coastlinegreat for Pick ONE. Slides or Fill ins? trade & travel Connects Europe, Asia, Africa Review Checkpoint #1 is today. I will be taking your folder. Europe Part 1 Review

437 views • 9 slides
Introducing the ALGIZ RT8 Ultra-rugged efficiency ALGIZ RT8 Key features Mobility first

Introducing the ALGIZ RT8 Ultra-rugged efficiency ALGIZ RT8 Key features Mobility first

Introducing the ALGIZ RT8 Ultra-rugged efficiency ALGIZ RT8 Key features Mobility first Real-world capabilities Outdoor ruggedness Accessories for efficiency Advanced software layer ALGIZ RT8 Small profile, big impact

189 views • 17 slides
SCORPION B SCAN CRAWLER What is the Scorpion B Scan Crawler? The Scorpion is a rugged

SCORPION B SCAN CRAWLER What is the Scorpion B Scan Crawler? The Scorpion is a rugged

SCORPION B SCAN CRAWLER What is the Scorpion B Scan Crawler? The Scorpion is a rugged remote access ultrasonic crawler designed to allow cost Effective A and B-scan imaging on above ground ferro-magnetic structures without the need for

387 views • 3 slides
Season What is NMU SAE Baja? NMU SAE Baja is: Engineering Manufacturing Marketing

Season What is NMU SAE Baja? NMU SAE Baja is: Engineering Manufacturing Marketing

2012-2013 Season What is NMU SAE Baja? NMU SAE Baja is: Engineering Manufacturing Marketing Accounting Organization The Objective Each teams goal is to build a prototype of a rugged, single seat, off-road vehicle

476 views • 10 slides
Even Faster: How Rugged DevOps & SW Supply Chains Attack Developer Waste Josh Corman

Even Faster: How Rugged DevOps & SW Supply Chains Attack Developer Waste Josh Corman

Even Faster: How Rugged DevOps & SW Supply Chains Attack Developer Waste Josh Corman @joshcorman @joshcorman Conclusions / Apply! Idea: A full embrace of Deming is a SW Supply Chain: Fewer/Better Suppliers Highest Quality Supply

832 views • 64 slides
THE ORIGINS OF CAMP VIEW ROAD The road meets Sutton Road and Cambridge Road at a small three-way

THE ORIGINS OF CAMP VIEW ROAD The road meets Sutton Road and Cambridge Road at a small three-way

A History of Camp View Road Below is text extracted from the second Right Up My Street project presented by Romayne Hutchison and Anne Marie Kelly to Fleetville Diaries members in October 2017. THE ORIGINS OF CAMP VIEW ROAD The road

82 views • 7 slides
What is a road vehicle? Road & Non-road vehicles in the RVSA The Meaning of Road

What is a road vehicle? Road & Non-road vehicles in the RVSA The Meaning of Road

What is a road vehicle? Road & Non-road vehicles in the RVSA The Meaning of Road Vehicle Road Vehicle Standards Act 2018 (RVSA) defines a Road Vehicle as any of the following a) A motor vehicle designed solely or

1.09k views • 13 slides
ACROMAG S SMALL FORM FACTOR RUGGED SOLUTION

ACROMAG S SMALL FORM FACTOR RUGGED SOLUTION

ACROMAG S SMALL FORM FACTOR RUGGED SOLUTION www.acromag.com 248-624-1541 www.acromag.com 248-624-1541

814 views • 26 slides
Municipal Class Environmental Assessments Mayfield Road PIC # 1 Chinguacousy Road to Winston

Municipal Class Environmental Assessments Mayfield Road PIC # 1 Chinguacousy Road to Winston

Municipal Class Environmental Assessments Mayfield Road PIC # 1 Chinguacousy Road to Winston Churchill Boulevard Planning & Policy Context Material Mayfield Road PIC # 2 Heart Lake Road to Chinguacousy Road Strategic Plan and Term of

665 views • 8 slides
Pouley Road Rustic Road Designation Pouley Road Rustic Road Designation Process From March 2006 to

Pouley Road Rustic Road Designation Pouley Road Rustic Road Designation Process From March 2006 to

Pouley Road Rustic Road Designation Pouley Road Rustic Road Designation Process From March 2006 to September2014 State Law required Village to annex to the far side of Application of Pouley Pouley Rd. resulting in the Road as a Rustic

361 views • 3 slides
VULNERABLE ROAD USERS (VRU) AND THE VULNERABILITY OF ROAD SAFETY PERFORMANCE What are the

VULNERABLE ROAD USERS (VRU) AND THE VULNERABILITY OF ROAD SAFETY PERFORMANCE What are the

VULNERABLE ROAD USERS (VRU) AND THE VULNERABILITY OF ROAD SAFETY PERFORMANCE What are the low-hanging fruits for Low and Middle Income Countries (LMIC)? PROFESSOR DR. AHMAD FARHAN MOHD SADULLAH UNIVERSITI SAINS MALAYSIA Safer Road by

1.58k views • 45 slides
Cooper Road Improvements 3,500 feet North of Chandler Heights Road to Riggs Road ST1503.201,

Cooper Road Improvements 3,500 feet North of Chandler Heights Road to Riggs Road ST1503.201,

Cooper Road Improvements 3,500 feet North of Chandler Heights Road to Riggs Road ST1503.201, CHN0235, SZ18103D Public Meeting No. 2 March 28, 2017 Project Overview City roads are classified as: Locals Collectors Arterials

661 views • 12 slides
The Road to Certification What you need to do to prepare for your on-road exam Review this

The Road to Certification What you need to do to prepare for your on-road exam Review this

The Road to Certification What you need to do to prepare for your on-road exam Review this presentation Be prepared to answer questions based on this presentation Bring a copy of your current drivers license The on-road portion

526 views • 11 slides
Townline Road (Regional Road 55) Class Environmental Assessment Road and Drainage Improvements

Townline Road (Regional Road 55) Class Environmental Assessment Road and Drainage Improvements

Townline Road (Regional Road 55) Class Environmental Assessment Road and Drainage Improvements Public Information Centre June 19, 2019 6:30-7:30 p.m. Pierre Elliott Trudeau Public School 1111 Beatrice Street East, Oshawa L1K 2S7 Thank you

690 views • 12 slides
Histon Road Streetscape Proposals Andy Cocks CMLI & Toby Edwards Histon Road LLF, 8 October

Histon Road Streetscape Proposals Andy Cocks CMLI & Toby Edwards Histon Road LLF, 8 October

Histon Road Streetscape Proposals Andy Cocks CMLI & Toby Edwards Histon Road LLF, 8 October 2018 Area 1 - Gilbert Road / Warwick Road 4 Action Areas Area 3 - Brownlow Road and Blackhall Road Area 2 - Akeman Street Area 4 - Vegetation

641 views • 17 slides
Keynote

Keynote

Keynote Agile, Lean, Rugged The Paper Edition!

796 views • 51 slides
TOWARDS IMPLEMENTING ROAD SAFETY INSPECTION ( ) IN MALAYSIA ROAD SAFETY INSPECTION IR.

TOWARDS IMPLEMENTING ROAD SAFETY INSPECTION ( ) IN MALAYSIA ROAD SAFETY INSPECTION IR.

TOWARDS IMPLEMENTING ROAD SAFETY INSPECTION ( ) IN MALAYSIA ROAD SAFETY INSPECTION IR. Dr. MUHAMMAD MARIZWAN BIN ABDUL MANAN Road Safety Engineering and Environment Research Center (REER) Malaysian Institute of Road Safety Research

639 views • 33 slides
1 Description: Grip Road traveling East of the mine entrance. Four 90 degree turns are not

1 Description: Grip Road traveling East of the mine entrance. Four 90 degree turns are not

Description: The haul route from CNW pit near Kelleher Road and Old Highway 99 North. Traveling North on Old 99 to Prairie Road, East on Prairie Road to Grip Road, East on Grip Road to the entrance of the haul road, North approximately 2 miles on

509 views • 17 slides
SAWMI LL ROAD / BRI GHT ROAD CORRI DOR STUDY PROJECT OVERVIEW NOVEMBER 29, 2016 AGENDA

SAWMI LL ROAD / BRI GHT ROAD CORRI DOR STUDY PROJECT OVERVIEW NOVEMBER 29, 2016 AGENDA

SAWMI LL ROAD / BRI GHT ROAD CORRI DOR STUDY PROJECT OVERVIEW NOVEMBER 29, 2016 AGENDA Sawmill Road/Bright Road Corridor Study Project background Next steps Preliminary ideas Additional Bright Road Projects Cul-de-sac

521 views • 18 slides

More recommend