through a security lens
play

Through A Security Lens with Mark Nunnikhoven | @marknca @marknca - PowerPoint PPT Presentation

Gene Kims ^ Through A Security Lens with Mark Nunnikhoven | @marknca @marknca 2013 2016 2018 2019 @marknca 2013 2016 2018 2019 Development and Operations should work together Here are tactics and playbooks to help Heres data to


  1. Gene Kim’s ^ Through A Security Lens with Mark Nunnikhoven | @marknca @marknca

  2. 2013 2016 2018 2019 @marknca

  3. 2013 2016 2018 2019 Development and Operations should work together Here are tactics and playbooks to help Here’s data to help support the cultural transformation Development needs better tooling & support @marknca

  4. Roadblocks Lack of understanding of what needs to be in place to deliver desired outcomes Getting data to where it can be used most effectively Opposition to cultural change @marknca

  5. The Five Ideals Locality and simplicity Focus, flow, and joy Improvement of daily work Psychological safety Customer focus @marknca

  6. Maxine @marknca

  7. Gets hit with an outage Is Dealt an outrage Starts a maddening new journey Her experiences frame the cultural changes in the org Maxine @marknca

  8. Maxine William (DevOps) (Security) @marknca

  9. 1 Locality and Simplicity @marknca

  10. 1 Maxine (DevOps) NOT local and NOT simple Licenses “I need to deploy” Code Access Resources Customers Stakeholders Stakeholders Stakeholders Stakeholders Stakeholders @marknca

  11. 1 Maxine (DevOps) “Please accomplish this goal” Stakeholders “I need to deploy” Customers Local and simple Access Code Licenses Resources @marknca

  12. 1 William Helping development (Security) “I have to approve/verify/audit” Code Access @marknca

  13. 1 William Helping development (Security) “I have to approve/verify/audit” Educate Code Access API/Self-service DON’T DO @marknca

  14. 1 William Helping yourself (Security) Centralize logging access/analysis Centralize audit access Setup guardrails for other teams @marknca

  15. 2 Focus, Flow, and Joy @marknca

  16. 2 Maxine (DevOps) Use tools that make solving problems easier Focus on solving the business problem Leverage platforms for immediacy and fast feedback @marknca

  17. 2 William Helping development (Security) Provide self-service for security Immutable platform DevOps Flow @marknca

  18. 2 William Helping yourself (Security) Automate absolutely everything …even the ones that are “special” …even the ones that are “impossible” @marknca

  19. 3 Improvement of Daily Work @marknca

  20. Security is really bad at this. @marknca

  21. 3 Maxine (DevOps) “Stop all work” Experiment Fix Work Work Idea Feedback Innovation Flywheel Andon Cord @marknca

  22. 3 William Helping development (Security) Educate API/Self-service @marknca

  23. 3 William Helping yourself (Security) “Stop all work” Don’t accumulate technical debt Fix Don’t accumulate security debt Work Work Automate in place Andon Cord @marknca

  24. 4 Psychological Safety @marknca

  25. 4 Maxine (DevOps) Foster a culture where… • It’s ok to make a mistake • There’s no fear of reprisal • It’s normal to discuss problems openly @marknca

  26. 4 William Helping development (Security) Don’t assign blame Support a culture of teaching & learning Trust & enable…and yes, verify @marknca

  27. 4 William Helping yourself (Security) Foster a culture where… • It’s ok to make a mistake • There’s no fear of reprisal • It’s normal to discuss problems openly @marknca

  28. 5 Customer Focus @marknca

  29. 5 Maxine (DevOps) Focus on the core of the business, not context “Does this matter to our customer?” as a guiding light Remove work that doesn’t matter @marknca

  30. 5 William Helping development & yourself (Security) Focus on the core of the business, not context “Does this matter to our customer?” as a guiding light Remove work that doesn’t matter @marknca

  31. Keys To Success @marknca

  32. The Five Ideals Locality and simplicity Focus, flow, and joy Improvement of daily work Psychological safety Customer focus Apply equally to security & development @marknca

  33. 5 Your Security Practice Focus Educate development about security concerns Provide self-service/API driven security tools Improve your daily work through relentless automation @marknca

  34. Thank You Mark Nunnikhoven Vice President, Cloud Research Trend Micro @marknca | https://markn.ca @marknca

Recommend


More recommend