The Rise of DevSecOps
Fabian Lim
/about
• DevSecOps Engineer
– 1.5 years
– Culture Hacking
– Passion in Infrastructure and Operations
• Carnegie Mellon University
– MSc Information Security Policy and Management
• Singapore Management University
– BSc Information Systems
• Gym, Krav Maga enthusiast
/journey
1. DevSecOps Engineer
2. Open-Source Projects
3. Red Team
4. Culture Hacking
5. Security Defect Reporting & Metrics
https://s-media-cache-ak0.pinimg.com/originals/f6/36/0d/f6360df9be90fa7b03cb7f4e7b5a6dc6.jpg
/peek
• A Peek into My Everyday
– Development and maintenance of in-house tools using experiments
– Security knowledge is essential to identify security
flaws
– Operations know-how of our own infrastructure so it
is resilient
• Red Team Monday is awesome!
• Blue Team All-Day is cool too!
/mindset
• Collaboration Focus
• Open and Transparent
• Prefer Shiteration over Perfection
• (Actively) “Hunting” mode over Reactive mode
• What keeps you up at night?
/how
• Everyone – needs to get their hands dirty at code
• Can-do Agile Attitude – Fail Fast, Crawl Walk Run
• Culture - Everyone is responsible for Security
• Red Teaming – Crucial to move the ‘urgency’ needle
• Metrics – to report, show trends
/why
• Passion
• Revolutionary Way of Doing Security
• Works and Improves the Security Posture of the
Company
• I Want to be Worked WITH Rather Than AGAINST
/open_source_projects
• GOAL: Get developers to be involved and contribute to your security tools
• EFFECT: Working together
• RESULT: Secure Company-Wide Projects
/culture
• TRADITION: Security Team vs. Development Team
• GOAL: We are all one – there is no ‘them’ and ‘us’
• METHOD: Security Understands Developers and Helps to Solve Security Issues Together, not Blaming
• RESULT: Shared Sense of Responsibility
/red_team
• TARGET: Low-Hanging Fruit
• EFFECT: A Method to Convince
Management
• RESULT: Increases Focus and
Resources on Security
/security_defect_reporting
• GOAL: Measure State of Security
• EFFECT: Management sees
resources used effectively
• RESULT: Significantly improve
Visibility on Security Performance
/references
• devsecops.org
• github.com/devsecops/bootcamp
• @3jmaster
• http://www.devsecops.org/blog?tag=DevSecOps+Explained
/gracias

The Rise of DevSecOps - Fabian Lim - DevSecOpsSg