Download as PDF, PPTX
More Related Content
Similar to The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
![[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...](https://cdn.slidesharecdn.com/ss_thumbnails/cb22keynoteunderwhelmedmakingsenseoftheoverwhelmingchallengeofcybersecurity-230101083039-ff0c756e-thumbnail.jpg?width=640&height=640&fit=bounds)
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
- 1.
- 2. /about • DevSecOps Engineer –1.5 years – Culture Hacking – Passion in Infrastructure and Operations • Carnegie Mellon University – MSc Information Security Policy and Management • Singapore Management University – BSc Information Systems • Gym, Krav Maga enthusiast
- 3. /journey 1. DevSecOps Engineer 2.Open-Source Projects 3. Red Team 4. Culture Hacking 5. Security Defect Reporting & Metrics
- 4.
- 5. /peek • A Peekinto My Everyday – Development and maintenance of in house tools using experiments – Security knowledge is essential to identify security flaws – Operations know-how of our own infrastructure so it is resilient • Red Team Monday is awesome! • Blue Team All-Day is cool too!
- 6. /mindset • Collaboration Focus •Open and Transparent • Prefer Shiteration over Perfection • (Actively) “Hunting” mode over Reactive mode • What keeps you up at night?
- 7. /how • Everyone –needs to get their hands dirty at code • Can-do Agile Attitude – Fail Fast, Crawl Walk Run • Culture - Everyone is responsible for Security • Red Teaming – Crucial to move the ‘urgency’ needle • Metrics – to report, show trends
- 8. /why • Passion • RevolutionaryWay of Doing Security • Works and Improves the Security Posture of the Company • I Want to be Worked WITH Rather Than AGAINST
- 9. /open_source_projects • GOAL: Getdevelopers to be involved and contribute your security tools • EFFECT: Working together • RESULT: Secure Company-Wide Projects
- 10. • TRADITION: SecurityTeam v.s Development Team • GOAL: We are all one – there is no ‘them’ and ‘us’ • METHOD: Security Understands Developers and Helps to Solve Security Issues Together, not Blaming • RESULT: Shared Sense of Responsibility /culture
- 12. /red_team • TARGET: Low-HangingFruit • EFFECT: A Method to Convince Management • RESULT: Increases Focus and Resources on Security
- 13. /security_defect_reporting • GOAL: MeasureState of Security • EFFECT: Management sees resources used effectively • RESULT: Significantly improve Visibility on Security Performance
- 14. /references • devsecops.org • github.com/devsecops/bootcamp •@3jmaster • http://www.devsecops.org/blog?tag=DevSecOps+Explained
- 15.