DevOps Indonesia, profile picture
Uploaded byDevOps Indonesia
PDF, PPTX2,229 views

The State of DevSecOps

The document discusses the rise of DevSecOps and its importance for software development. It notes that existing security solutions are no longer adequate due to the speed of modern development, and that security has become a bottleneck. DevSecOps aims to integrate security practices into development workflows to enable continuous and real-time security. It outlines how security responsibilities have evolved from separate teams to being shared among developers, and how tools have progressed from periodic testing to continuous monitoring and automation. The document argues that DevSecOps is necessary now given the costs of data breaches and risks of vulnerabilities in open source components.

Embed presentation

Download as PDF, PPTX
The State of DevSecOps
About me Stefan Streichsbier @s_streichsbier GuardRails.io Move fast, be safe.
What do these companies have in common? <10 years
Tech Startups in Asia – #10YearChallenge 2009 vs 2019
How is that possible?
1. Existing solutions are no longer adequate Provide A Terrible User Experience Enterprise Solutions Come From The Waterfall Era Enterprise Means Overpriced
2. SaaS enable wide-spread distribution Your Users Are EverywhereNo Need To Go To A Physical Location No Need to Create WW Sales Teams
3. Cheaper to create & operate Software Startup Ecosystems Empower Entrepreneurs Open Source Software Provides Building Blocks Cloud Computing Provides Low Barrier of Entry
To summarize The existing solutions are ripe for replacement Creating new technology solutions was never faster Software can be Distributed globally
DevSecOps: How important is it really? • Agile took us from months to days to deliver software • DevOps took us from months to minutes to deploy software • More applications are mission critical • Now security has become the bottleneck
The real impact of hacks & breaches News is full of high-profile breaches that get widespread attention. But they are not the only target of hackers 43% of all cyber attacks target small businesses. 60% of small businesses that are Hacked go out of business within 6 months. 1/5 data breaches are the result of attackers abusing insecure web applications.
DevSecOps: Who is responsible?
The Evolution of Security Tools Secure SDLCPenetration Testing DevSecOps Duration 2-4 weeks 1-2 weeks Continuous and Real-time Tools • Port Scanners • Vulnerability Scanners • Exploitation Tools Audience • Security Professionals Tools • Code Security Scanners • Dynamic Security Scanners • Vulnerability Scanners Audience • Security Professionals in Enterprise Security Teams Tools • Code Security Scanners • Interactive Security Scanners • Runtime Application Self Protection Audience • Developers in Product Teams
Security Development Operations The Evolution of Security Teams Secure SDLCPenetration Testing DevSecOps Security Development Operations Security Development Operations “Department of NO” “Let’s work together” “How can we help you succeed?”
Modern security teams empower dev teams! 100 10 1 Dev Ops Sec: : : : Looks like we have a scale problem
- John Willis You build it, you secure it.
Mindset within your product teams • Have Shared Pain and Shared Goals • Clearly defined global delivery goals (no competing KPIs) • Measure outcome (customer value), not output • Be Autonomous • Maximize flow (minimize cycle times) • Implement fast automated test suites • Never pass defects downstream • Create quality at the source (provide knowledge where needed) • Full decision authority • Full Accountability • Good or bad - you own it. There is no one else to blame
Leveraging DevSecOps Principles
Understanding benefits of security controls Create Test Monitor Challenges • Changing human behavior • Difficult to enforce • People churn Benefits • Reduce new vulnerabilities Challenges • Vulnerability Noise • Fixing issues • Coverage of issues Benefits • Enforceable • Provide Metrics Challenges • Coverage of issues • Org wide rollout Benefits • Enforceable • Provide Metrics • Block attacks Security
DevSecOps - Monitor Are your applications currently under attack? Are we automatically defending against this attack? What are attackers going after? • Micro Segmentation • Runtime Application Self Protection (RASP) • Bug Bounties Questions you should be able to answerAvailable Technologies
DevSecOps - Test Do the latest changes introduce new security issues? Does our code contain hard- coded secrets? Do any of our 3rd party libraries have known security issues? Questions you should be able to answer • Static Application Security Testing (SAST) • Sensitive Information Scanners (SIS) • Software Composition Analysis (SCA/CCA) • Dynamic Security Scanning (DAST) • Interactive Application Security Testing (IAST) Available Technologies
Automated Security Testing SAST SCA DAST/IASTCCA CommercialOpenSource 60+
Where do these tools live? Source: https://twitter.com/djschleen
DevSecOps - Create Do your teams know the most common successful attacks? Who is the dedicated security contact in a team? Do your teams know how to detect and avoid them? Questions you should be able to answer • Security Awareness • Secure Coding Training • Shared Knowledge Base • Security Focused Hackathons • Security Champion Program Available Options
DevSecOps Do we really need it now? There are some compelling statistics • It’s 30 times cheaper to fix security defects in development vs production • 80% to 90% of modern applications consist of open source components • An average data breach costs 5M+ USD • Most of the DevOps high-performers include security in their delivery process Security as Competitive Advantage
State of DevSecOps - Conclusion Security TeamTechnologies Product Team • Tools have improved • Choose them wisely • Solve technology problems • Cover the whole portfolio • Start acting on data in prod • Department of YES • Empowering product teams • Use scarce resources wisely • Knowledge is power • Turn developers into security champs • Be mindful that change is slow • Build it, run it, secure it
Thank you
Get a curated list of security resources Consisting of: • Awesome security lists • Developer trainings • List of great security tools • Security Page templates • Free digital copy of my book • the slides • … and more Then send an email to: iwant@guardrails.io

More Related Content

PDF
Practical DevSecOps Course - Part 1
byMohammed A. Imran
 
PDF
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
PPTX
Introduction to DevSecOps
byabhimanyubhogwan
 
PDF
DevSecOps What Why and How
byNotSoSecure Global Services
 
PDF
DevSecOps and the CI/CD Pipeline
byJames Wickett
 
PPTX
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
PPTX
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
Practical DevSecOps Course - Part 1
byMohammed A. Imran
 
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
Introduction to DevSecOps
byabhimanyubhogwan
 
DevSecOps What Why and How
byNotSoSecure Global Services
 
DevSecOps and the CI/CD Pipeline
byJames Wickett
 
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 

What's hot

PDF
DevSecOps Implementation Journey
byDevOps Indonesia
 
PPTX
DevSecOps : an Introduction
byPrashanth B. P.
 
PDF
The What, Why, and How of DevSecOps
byCprime
 
PPTX
DevOps to DevSecOps Journey..
bySiddharth Joshi
 
PDF
Introduction to DevSecOps
bySetu Parimi
 
PDF
DevSecOps The Evolution of DevOps
byMichael Man
 
PPTX
How to Get Started with DevSecOps
byCYBRIC
 
PDF
DevSecOps Basics with Azure Pipelines
byAbdul_Mujeeb
 
PDF
DevSecOps | DevOps Sec
byRubal Jain
 
PDF
Demystifying DevSecOps
byArchana Joshi
 
PDF
Practical DevSecOps - Arief Karfianto
byidsecconf
 
PPTX
DevSecOps Training Bootcamp - A Practical DevSecOps Course
byTonex
 
PPTX
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
byMohamed Nizzad
 
PPTX
DevSecOps
byCheah Eng Soon
 
PDF
DevSecOps in Baby Steps
byPriyanka Aash
 
PDF
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
PPTX
DevSecOps
byJoel Divekar
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PDF
DevSecOps
byTomas Honzak
 
PDF
Secure Your Code Implement DevSecOps in Azure
bykloia
 
DevSecOps Implementation Journey
byDevOps Indonesia
 
DevSecOps : an Introduction
byPrashanth B. P.
 
The What, Why, and How of DevSecOps
byCprime
 
DevOps to DevSecOps Journey..
bySiddharth Joshi
 
Introduction to DevSecOps
bySetu Parimi
 
DevSecOps The Evolution of DevOps
byMichael Man
 
How to Get Started with DevSecOps
byCYBRIC
 
DevSecOps Basics with Azure Pipelines
byAbdul_Mujeeb
 
DevSecOps | DevOps Sec
byRubal Jain
 
Demystifying DevSecOps
byArchana Joshi
 
Practical DevSecOps - Arief Karfianto
byidsecconf
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
byTonex
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
byMohamed Nizzad
 
DevSecOps
byCheah Eng Soon
 
DevSecOps in Baby Steps
byPriyanka Aash
 
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
DevSecOps
byJoel Divekar
 
2019 DevSecOps Reference Architectures
bySonatype
 
DevSecOps
byTomas Honzak
 
Secure Your Code Implement DevSecOps in Azure
bykloia
 

Similar to The State of DevSecOps

PPTX
SCS DevSecOps Seminar - State of DevSecOps
byStefan Streichsbier
 
PDF
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
PDF
DevSecOps - The big picture
byDevSecOpsSg
 
PDF
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
byDicodingEvent
 
PDF
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
PPTX
DevSecOps Powerpoint Presentation for Students
bypoonawala2303
 
PDF
DevSecOps - Background, Status and Future Challenges
bydsc71656
 
PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
PPTX
DevSecOps Best Practices-Safeguarding Your Digital Landscape
bystevecooper930744
 
PDF
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
PDF
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
PDF
The Future of DevSecOps
byStefan Streichsbier
 
PDF
DevOps vs DevSecOps_ What CTOs Must Know Before Scaling Securely.pdf
byDevseccops.ai
 
PPTX
State of DevSecOps - GTACS 2019
byStefan Streichsbier
 
PPTX
State of DevSecOps - DevSecOpsDays 2019
byStefan Streichsbier
 
PPTX
Secure DevOps - Evolution or Revolution?
bySecurity Innovation
 
PPTX
Outpost24 webinar - application security in a dev ops world-08-2018
byOutpost24
 
PPTX
DevSecOps without DevOps is Just Security
byKevin Fealey
 
PPTX
Securing a great DX - DevSecOps Days Singapore 2018
byStefan Streichsbier
 
SCS DevSecOps Seminar - State of DevSecOps
byStefan Streichsbier
 
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
DevSecOps - The big picture
byDevSecOpsSg
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
byDicodingEvent
 
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
DevSecOps Powerpoint Presentation for Students
bypoonawala2303
 
DevSecOps - Background, Status and Future Challenges
bydsc71656
 
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
DevSecOps Best Practices-Safeguarding Your Digital Landscape
bystevecooper930744
 
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
The Future of DevSecOps
byStefan Streichsbier
 
DevOps vs DevSecOps_ What CTOs Must Know Before Scaling Securely.pdf
byDevseccops.ai
 
State of DevSecOps - GTACS 2019
byStefan Streichsbier
 
State of DevSecOps - DevSecOpsDays 2019
byStefan Streichsbier
 
Secure DevOps - Evolution or Revolution?
bySecurity Innovation
 
Outpost24 webinar - application security in a dev ops world-08-2018
byOutpost24
 
DevSecOps without DevOps is Just Security
byKevin Fealey
 
Securing a great DX - DevSecOps Days Singapore 2018
byStefan Streichsbier
 

More from DevOps Indonesia

PDF
Secure your Application with Google cloud armor
byDevOps Indonesia
 
PDF
Securing DevOps Lifecycle
byDevOps Indonesia
 
PDF
API Security Webinar : Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
PDF
Operate Containers with AWS Copilot
byDevOps Indonesia
 
PDF
Securing an NGINX deployment for K8s
byDevOps Indonesia
 
PDF
API Security Webinar : Credential Stuffing
byDevOps Indonesia
 
PDF
API Security Webinar - Credential Stuffing
byDevOps Indonesia
 
PDF
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
byDevOps Indonesia
 
PDF
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
byDevOps Indonesia
 
PDF
The Death and Rise of Enterprise DevOps
byDevOps Indonesia
 
PDF
Feature Scoring in Green Field Application Development and DevOps
byDevOps Indonesia
 
PDF
API Security Webinar - Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
PDF
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
byDevOps Indonesia
 
PDF
Securing Your Database Dynamic DB Credentials
byDevOps Indonesia
 
PDF
Continuously Deploy Your CDK Application by Petra novandi barus
byDevOps Indonesia
 
PDF
DevOps Indonesia (online) meetup 45 - Announcement
byDevOps Indonesia
 
PDF
DevOps Indonesia Meetup #52 - announcement
byDevOps Indonesia
 
PDF
DevOps Meetup 50 : Securing your Application - Announcement
byDevOps Indonesia
 
PDF
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
byDevOps Indonesia
 
PDF
API Security Webinar - Hendra Tanto
byDevOps Indonesia
 
Secure your Application with Google cloud armor
byDevOps Indonesia
 
Securing DevOps Lifecycle
byDevOps Indonesia
 
API Security Webinar : Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
Operate Containers with AWS Copilot
byDevOps Indonesia
 
Securing an NGINX deployment for K8s
byDevOps Indonesia
 
API Security Webinar : Credential Stuffing
byDevOps Indonesia
 
API Security Webinar - Credential Stuffing
byDevOps Indonesia
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
byDevOps Indonesia
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
byDevOps Indonesia
 
The Death and Rise of Enterprise DevOps
byDevOps Indonesia
 
Feature Scoring in Green Field Application Development and DevOps
byDevOps Indonesia
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
byDevOps Indonesia
 
Securing Your Database Dynamic DB Credentials
byDevOps Indonesia
 
Continuously Deploy Your CDK Application by Petra novandi barus
byDevOps Indonesia
 
DevOps Indonesia (online) meetup 45 - Announcement
byDevOps Indonesia
 
DevOps Indonesia Meetup #52 - announcement
byDevOps Indonesia
 
DevOps Meetup 50 : Securing your Application - Announcement
byDevOps Indonesia
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
byDevOps Indonesia
 
API Security Webinar - Hendra Tanto
byDevOps Indonesia
 

Recently uploaded

PDF
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
PPTX
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
PPTX
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
PPTX
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
PDF
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
PDF
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
PDF
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
PPTX
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
PDF
UiPath Veterans Day Acknowledgement and Benefits
byDianaGray10
 
PDF
MathML Core in WebKit
byIgalia
 
PDF
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
PDF
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
PDF
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
PDF
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
PDF
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
PDF
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
UiPath Veterans Day Acknowledgement and Benefits
byDianaGray10
 
MathML Core in WebKit
byIgalia
 
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 

The State of DevSecOps

  • 1.
    The State ofDevSecOps
  • 2.
  • 3.
    What do thesecompanies have in common? <10 years
  • 4.
    Tech Startups inAsia – #10YearChallenge 2009 vs 2019
  • 5.
    How is thatpossible?
  • 6.
    1. Existing solutionsare no longer adequate Provide A Terrible User Experience Enterprise Solutions Come From The Waterfall Era Enterprise Means Overpriced
  • 7.
    2. SaaS enablewide-spread distribution Your Users Are EverywhereNo Need To Go To A Physical Location No Need to Create WW Sales Teams
  • 8.
    3. Cheaper tocreate & operate Software Startup Ecosystems Empower Entrepreneurs Open Source Software Provides Building Blocks Cloud Computing Provides Low Barrier of Entry
  • 9.
    To summarize The existingsolutions are ripe for replacement Creating new technology solutions was never faster Software can be Distributed globally
  • 10.
    DevSecOps: How important isit really? • Agile took us from months to days to deliver software • DevOps took us from months to minutes to deploy software • More applications are mission critical • Now security has become the bottleneck
  • 11.
    The real impactof hacks & breaches News is full of high-profile breaches that get widespread attention. But they are not the only target of hackers 43% of all cyber attacks target small businesses. 60% of small businesses that are Hacked go out of business within 6 months. 1/5 data breaches are the result of attackers abusing insecure web applications.
  • 12.
  • 13.
    The Evolution ofSecurity Tools Secure SDLCPenetration Testing DevSecOps Duration 2-4 weeks 1-2 weeks Continuous and Real-time Tools • Port Scanners • Vulnerability Scanners • Exploitation Tools Audience • Security Professionals Tools • Code Security Scanners • Dynamic Security Scanners • Vulnerability Scanners Audience • Security Professionals in Enterprise Security Teams Tools • Code Security Scanners • Interactive Security Scanners • Runtime Application Self Protection Audience • Developers in Product Teams
  • 14.
    Security Development Operations The Evolution ofSecurity Teams Secure SDLCPenetration Testing DevSecOps Security Development Operations Security Development Operations “Department of NO” “Let’s work together” “How can we help you succeed?”
  • 15.
    Modern security teamsempower dev teams! 100 10 1 Dev Ops Sec: : : : Looks like we have a scale problem
  • 17.
    - John Willis Youbuild it, you secure it.
  • 18.
    Mindset within yourproduct teams • Have Shared Pain and Shared Goals • Clearly defined global delivery goals (no competing KPIs) • Measure outcome (customer value), not output • Be Autonomous • Maximize flow (minimize cycle times) • Implement fast automated test suites • Never pass defects downstream • Create quality at the source (provide knowledge where needed) • Full decision authority • Full Accountability • Good or bad - you own it. There is no one else to blame
  • 19.
  • 20.
    Understanding benefits ofsecurity controls Create Test Monitor Challenges • Changing human behavior • Difficult to enforce • People churn Benefits • Reduce new vulnerabilities Challenges • Vulnerability Noise • Fixing issues • Coverage of issues Benefits • Enforceable • Provide Metrics Challenges • Coverage of issues • Org wide rollout Benefits • Enforceable • Provide Metrics • Block attacks Security
  • 21.
    DevSecOps - Monitor Areyour applications currently under attack? Are we automatically defending against this attack? What are attackers going after? • Micro Segmentation • Runtime Application Self Protection (RASP) • Bug Bounties Questions you should be able to answerAvailable Technologies
  • 22.
    DevSecOps - Test Dothe latest changes introduce new security issues? Does our code contain hard- coded secrets? Do any of our 3rd party libraries have known security issues? Questions you should be able to answer • Static Application Security Testing (SAST) • Sensitive Information Scanners (SIS) • Software Composition Analysis (SCA/CCA) • Dynamic Security Scanning (DAST) • Interactive Application Security Testing (IAST) Available Technologies
  • 23.
    Automated Security Testing SASTSCA DAST/IASTCCA CommercialOpenSource 60+
  • 24.
    Where do thesetools live? Source: https://twitter.com/djschleen
  • 25.
    DevSecOps - Create Doyour teams know the most common successful attacks? Who is the dedicated security contact in a team? Do your teams know how to detect and avoid them? Questions you should be able to answer • Security Awareness • Secure Coding Training • Shared Knowledge Base • Security Focused Hackathons • Security Champion Program Available Options
  • 26.
    DevSecOps Do we reallyneed it now? There are some compelling statistics • It’s 30 times cheaper to fix security defects in development vs production • 80% to 90% of modern applications consist of open source components • An average data breach costs 5M+ USD • Most of the DevOps high-performers include security in their delivery process Security as Competitive Advantage
  • 27.
    State of DevSecOps- Conclusion Security TeamTechnologies Product Team • Tools have improved • Choose them wisely • Solve technology problems • Cover the whole portfolio • Start acting on data in prod • Department of YES • Empowering product teams • Use scarce resources wisely • Knowledge is power • Turn developers into security champs • Be mindful that change is slow • Build it, run it, secure it
  • 28.
  • 29.
    Get a curatedlist of security resources Consisting of: • Awesome security lists • Developer trainings • List of great security tools • Security Page templates • Free digital copy of my book • the slides • … and more Then send an email to: [email protected]