The Rise of DevSecOps - Fabian Lim - DevSecOpsSg


Transcript of The Rise of DevSecOps - Fabian Lim - DevSecOpsSg

Page 1: The Rise of DevSecOps - Fabian Lim - DevSecOpsSg

The Rise of DevSecOps

Fabian Lim

Page 2

/about

• DevSecOps Engineer
  – 1.5 years
  – Culture Hacking
  – Passion in Infrastructure and Operations

• Carnegie Mellon University
  – MSc Information Security Policy and Management

• Singapore Management University
  – BSc Information Systems

• Gym, Krav Maga enthusiast

Page 3

/journey

1. DevSecOps Engineer
2. Open-Source Projects
3. Red Team
4. Culture Hacking
5. Security Defect Reporting & Metrics

Page 4

[image] https://s-media-cache-ak0.pinimg.com/originals/f6/36/0d/f6360df9be90fa7b03cb7f4e7b5a6dc6.jpg

Page 5

/peek

• A Peek into My Everyday
  – Development and maintenance of in-house tools using experiments
  – Security knowledge is essential to identify security flaws
  – Operations know-how of our own infrastructure so it is resilient

• Red Team Monday is awesome!
• Blue Team All-Day is cool too!

Page 6

/mindset

• Collaboration Focus
• Open and Transparent
• Prefer Shiteration over Perfection
• (Actively) “Hunting” mode over Reactive mode
• What keeps you up at night?

Page 7

/how

• Everyone – needs to get their hands dirty at code
• Can-do Agile Attitude – Fail Fast, Crawl Walk Run
• Culture – Everyone is responsible for Security
• Red Teaming – Crucial to move the ‘urgency’ needle
• Metrics – to report, show trends

Page 8

/why

• Passion
• Revolutionary Way of Doing Security
• Works and Improves the Security Posture of the Company
• I Want to be Worked WITH Rather Than AGAINST

Page 9

/open_source_projects

• GOAL: Get developers to be involved and contribute to your security tools

• EFFECT: Working together

• RESULT: Secure Company-Wide Projects

Page 10

/culture

• TRADITION: Security Team vs. Development Team

• GOAL: We are all one – there is no ‘them’ and ‘us’

• METHOD: Security Understands Developers and Helps to Solve Security Issues Together, not Blaming

• RESULT: Shared Sense of Responsibility

Page 11

Page 12

/red_team

• TARGET: Low-Hanging Fruit

• EFFECT: A Method to Convince Management

• RESULT: Increases Focus and Resources on Security

Page 13

/security_defect_reporting

• GOAL: Measure State of Security

• EFFECT: Management sees resources used effectively

• RESULT: Significantly improve Visibility on Security Performance
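The talk's "Metrics – to report, show trends" (the /how slide) and this security defect reporting slide both come down to one thing: turning a tracker full of security defects into a handful of numbers management can read. The example below is added here and is not Fabian Lim's tooling; it uses constructed defect records, and the record fields, severity names and remediation targets (SLA_DAYS) are assumptions chosen for illustration. It computes open defects by severity on a given date, mean time to remediate closed defects, which defects have exceeded their remediation target, and a week-by-week open-count trend.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import mean
from typing import Dict, List, Optional


@dataclass
class SecurityDefect:
    """One security defect as exported from an issue tracker (assumed schema)."""
    id: str
    severity: str                  # one of the keys in SLA_DAYS
    opened: date
    closed: Optional[date] = None  # None means still open


# Remediation targets in days per severity: an assumed policy, not the talk's.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed sample data; ids and dates are made up for this example.
SAMPLE: List[SecurityDefect] = [
    SecurityDefect("SEC-1", "critical", date(2017, 3, 1), date(2017, 3, 3)),
    SecurityDefect("SEC-2", "high", date(2017, 3, 2), date(2017, 3, 12)),
    SecurityDefect("SEC-3", "high", date(2017, 3, 8)),
    SecurityDefect("SEC-4", "medium", date(2017, 3, 9), date(2017, 3, 30)),
    SecurityDefect("SEC-5", "low", date(2017, 3, 15)),
    SecurityDefect("SEC-6", "critical", date(2017, 3, 20)),
]


def is_open_on(d: SecurityDefect, as_of: date) -> bool:
    """A defect is open on a date if it was opened on or before it and not yet closed."""
    return d.opened <= as_of and (d.closed is None or d.closed > as_of)


def open_by_severity(defects: List[SecurityDefect], as_of: date) -> Dict[str, int]:
    """Count defects still open on `as_of`, keyed by severity."""
    return dict(Counter(d.severity for d in defects if is_open_on(d, as_of)))


def mean_time_to_remediate(defects: List[SecurityDefect]) -> Optional[float]:
    """Average days from opened to closed over closed defects; None if nothing is closed."""
    durations = [(d.closed - d.opened).days for d in defects if d.closed is not None]
    return mean(durations) if durations else None


def sla_breaches(defects: List[SecurityDefect], as_of: date) -> List[str]:
    """Ids of defects whose age (to close date, or to `as_of` if open) exceeds the target."""
    breached = []
    for d in defects:
        if d.opened > as_of:
            continue
        age_days = ((d.closed or as_of) - d.opened).days
        if age_days > SLA_DAYS[d.severity]:
            breached.append(d.id)
    return breached


def weekly_open_trend(defects: List[SecurityDefect], start: date, weeks: int) -> List[int]:
    """Total open defects sampled once a week from `start`; the trend line for a report."""
    return [
        sum(open_by_severity(defects, start + timedelta(weeks=w)).values())
        for w in range(weeks)
    ]


def report(defects: List[SecurityDefect], as_of: date, start: date, weeks: int) -> dict:
    """Bundle the four metrics into one structure a dashboard or weekly email can render."""
    return {
        "as_of": as_of.isoformat(),
        "open_by_severity": open_by_severity(defects, as_of),
        "mean_time_to_remediate_days": mean_time_to_remediate(defects),
        "sla_breaches": sla_breaches(defects, as_of),
        "weekly_open_trend": weekly_open_trend(defects, start, weeks),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE, date(2017, 3, 31), date(2017, 3, 1), 5).items():
        print(f"{key}: {value}")
```

The trend list is the part worth watching: a rising open count with a flat remediation time says the team is finding more than it fixes, while a falling count with breaches concentrated in one severity points at where resources should go.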

Page 14

/references

• devsecops.org
• github.com/devsecops/bootcamp
• @3jmaster
• http://www.devsecops.org/blog?tag=DevSecOps+Explained

Page 15

/gracias