Abstract image of a woman sitting on books and studying on a laptop

DevSecOps Manchester - May 2019

Download as PPTX, PDF
M
Michael Man

This document discusses plans for a DevSecOps meetup event in London in May 2019. It provides information on organizing the event including finding venues, speakers, and sponsors. It also lists related DevSecOps groups and conferences. At the end, it announces an anniversary event in September 2019 and provides initial details on speakers and topics.

Technology
1 of 10
Download to read offline
1
2
3
4
5
6
7
8
9
10
DevSecOps – London Gathering May 2019
THE JOURNEY … • Venue (s) • Do you need support from vendors • Speakers • What content • Defining a theme • Recordings; Streaming • Give-aways (not prizes) • Format of meetup • How long • Networking • Collaboration
WAYS TO STAY IN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/company/devsecops-london-gathering https://github.com/DevSecOps-LondonGathering https://www.youtube.com/channel/UCR4oVMkRjNN2OQaWMiBcfJA
SLIDES & REFERENCES https://www.vr-security.com/references https://www.vr-security.com/presentations
SHOUT OUT *** Meetups *** OWASP London Chapter www.meetup.com/OWASP-London/ OWASP WIA www.meetup.com/womeninappsec/ DevSecOps Manchester www.meetup.com/DevSecOps-Manchester/ DevSecOps – Netherlands www.meetup.com/DevSecOps-Netherlands/ LLHS www.meetup.com/LLHS-Ladies-of-London-Hacking-Society/ *** Technology Specific *** Istio London www.meetup.com/Istio-London/ Kubernetes London www.meetup.com/Kubernetes-London/ Threat Modeling www.meetup.com/The-Threat-Modeling-Meetup/ Docker London www.meetup.com/Docker-London/
SHOUT OUT *** Conferences *** DevSecCon London https://www.devseccon.com/london-2019/ Open Security Summit https://open-security-summit.org/ Bsides London https://www.securitybsides.org.uk/
DEVSECOPS – LONDON GATHERING ANNIVERSARY EVENT 2019 Date: Wednesday 11th September Venue: Near St Paul’s Speakers so far: • Dr. Helen Thackray Topics: • Rounding up a few vendors to show us how they conduct secure development. • Playing back what hiring has been like the last year. Sponsorship/Support so far:
DevSecOps – People & Culture • Break down the silo; no change here, just like the original DevOps movement • Not aware of what is going on – likely you are not part of the “DevSecOps” team; leave your ivory tower and build relationships • Conduct a Value Stream Mapping exercise to optimize your delivery (rinse and repeat) • Drill down and sketch out the details of each workflow before solutionising • Try new checks/controls as part of the pipeline
IDE Static Code Analysis SCM Dynamic Analysis Open Source Software Security Security Testing Framework Binary Repository Define Security Test CasesThreat Modeling Security Standards Automation Tools: Passing Criteria Risk Management Out of Band Security Testing Security Champions DevSecOps Engineer Security Audit Artifacts CI Build Server DevSecOps – Tooling & Assurance Examples (May 2019) curl nmap sslyze sqlmap Interactive Testing Infrastructure Assurance Threat Modeling Container Security
Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Updated: May 2019 Container Security Infrastructure Scanning

More Related Content

PPTX
Apereo portlet showcase 2017
Benito Gonzalez
 
PDF
Getting Started with SharePoint solutions and GitHub
Laurent Sittler
 
PPTX
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
PDF
IAN Stack: Ionic, Angular and Nest.js
FyodorL
 
PDF
How to Grow and Measure Your API Program - I ♥ APIs 2015
Andrew Mager
 
PPTX
Devoxx 2016 Using Jenkins, Gerrit and Spark for Continuous Delivery Analytics
Luca Milanesio
 
PDF
Leaflet-IIIF: Plugins and Extensibility with IIIF
IIIF_io
 
PDF
Waltz-Controls presentation for Canadian Light Source
Igor Khokhryakov
 
Apereo portlet showcase 2017
Benito Gonzalez
 
Getting Started with SharePoint solutions and GitHub
Laurent Sittler
 
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
IAN Stack: Ionic, Angular and Nest.js
FyodorL
 
How to Grow and Measure Your API Program - I ♥ APIs 2015
Andrew Mager
 
Devoxx 2016 Using Jenkins, Gerrit and Spark for Continuous Delivery Analytics
Luca Milanesio
 
Leaflet-IIIF: Plugins and Extensibility with IIIF
IIIF_io
 
Waltz-Controls presentation for Canadian Light Source
Igor Khokhryakov
 

More from Michael Man (20)

PPTX
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
PDF
K8S Certifications - Exam Cram
Michael Man
 
PDF
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
PDF
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
PPTX
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
PPTX
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
PPTX
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 
PDF
Chris Rutter: Avoiding The Security Brick
Michael Man
 
PDF
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
PDF
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
PDF
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
PDF
August 2018: DevSecOps - London Gathering
Michael Man
 
PPTX
DevSecOps - London Gathering : June 2018
Michael Man
 
PDF
Continuous Security: From tins to containers - now what!
Michael Man
 
PDF
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
PDF
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
PPTX
DevSecOps March 2018 - Extract
Michael Man
 
PDF
DevSecOps The Evolution of DevOps
Michael Man
 
PDF
Dynaminet -DevSecOps
Michael Man
 
PPTX
DevSecOps: Test Automation
Michael Man
 
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
K8S Certifications - Exam Cram
Michael Man
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 
Chris Rutter: Avoiding The Security Brick
Michael Man
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
August 2018: DevSecOps - London Gathering
Michael Man
 
DevSecOps - London Gathering : June 2018
Michael Man
 
Continuous Security: From tins to containers - now what!
Michael Man
 
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
DevSecOps March 2018 - Extract
Michael Man
 
DevSecOps The Evolution of DevOps
Michael Man
 
Dynaminet -DevSecOps
Michael Man
 
DevSecOps: Test Automation
Michael Man
 
Ad

Recently uploaded (20)

PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
PDF
Connector Corner: Transform Unstructured Documents with Agentic Automation
DianaGray10
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
PPTX
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
PDF
A symptom-driven medical diagnosis support model based on machine learning te...
IAESIJAI
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
PDF
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
PDF
Introduction to MCP and A2A Protocols: Enabling Agent Communication
Maxim Salnikov
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
PPTX
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
PDF
Lung cancer patients survival prediction using outlier detection and optimize...
IAESIJAI
 
PDF
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
PDF
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
PDF
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
PDF
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
PDF
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
Connector Corner: Transform Unstructured Documents with Agentic Automation
DianaGray10
 
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
A symptom-driven medical diagnosis support model based on machine learning te...
IAESIJAI
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
Introduction to MCP and A2A Protocols: Enabling Agent Communication
Maxim Salnikov
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
Lung cancer patients survival prediction using outlier detection and optimize...
IAESIJAI
 
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
Ad

DevSecOps Manchester - May 2019

  • 1. DevSecOps – London Gathering May 2019
  • 2. THE JOURNEY … • Venue (s) • Do you need support from vendors • Speakers • What content • Defining a theme • Recordings; Streaming • Give-aways (not prizes) • Format of meetup • How long • Networking • Collaboration
  • 3. WAYS TO STAY IN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/company/devsecops-london-gathering https://github.com/DevSecOps-LondonGathering https://www.youtube.com/channel/UCR4oVMkRjNN2OQaWMiBcfJA
  • 5. SHOUT OUT *** Meetups *** OWASP London Chapter www.meetup.com/OWASP-London/ OWASP WIA www.meetup.com/womeninappsec/ DevSecOps Manchester www.meetup.com/DevSecOps-Manchester/ DevSecOps – Netherlands www.meetup.com/DevSecOps-Netherlands/ LLHS www.meetup.com/LLHS-Ladies-of-London-Hacking-Society/ *** Technology Specific *** Istio London www.meetup.com/Istio-London/ Kubernetes London www.meetup.com/Kubernetes-London/ Threat Modeling www.meetup.com/The-Threat-Modeling-Meetup/ Docker London www.meetup.com/Docker-London/
  • 6. SHOUT OUT *** Conferences *** DevSecCon London https://www.devseccon.com/london-2019/ Open Security Summit https://open-security-summit.org/ Bsides London https://www.securitybsides.org.uk/
  • 7. DEVSECOPS – LONDON GATHERING ANNIVERSARY EVENT 2019 Date: Wednesday 11th September Venue: Near St Paul’s Speakers so far: • Dr. Helen Thackray Topics: • Rounding up a few vendors to show us how they conduct secure development. • Playing back what hiring has been like the last year. Sponsorship/Support so far:
  • 8. DevSecOps – People & Culture • Break down the silo; no change here, just like the original DevOps movement • Not aware of what is going on – likely you are not part of the “DevSecOps” team; leave your ivory tower and build relationships • Conduct a Value Stream Mapping exercise to optimize your delivery (rinse and repeat) • Drill down and sketch out the details of each workflow before solutionising • Try new checks/controls as part of the pipeline
  • 9. IDE Static Code Analysis SCM Dynamic Analysis Open Source Software Security Security Testing Framework Binary Repository Define Security Test CasesThreat Modeling Security Standards Automation Tools: Passing Criteria Risk Management Out of Band Security Testing Security Champions DevSecOps Engineer Security Audit Artifacts CI Build Server DevSecOps – Tooling & Assurance Examples (May 2019) curl nmap sslyze sqlmap Interactive Testing Infrastructure Assurance Threat Modeling Container Security
  • 10. Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Updated: May 2019 Container Security Infrastructure Scanning