Join the conversation #devseccon
DevSecOps in the Gov(ernment)Tech
By Fabian Lim @3jmaster
about.me/fabian.lim
Platform as a Service
http://saphanatutorial.com/wp-content/uploads/2015/01/SAP-HANA-Cloud-Platform-PaaS-1.jpg
GovTech
Open Culture - Be Happy & Awesome
Agile -> DevOps
Hands-on
Software & Hardware
Full Stack
How do we operate?
https://cdn.motivationgrid.com/wp-content/uploads/2014/02/Bruce-Lee-Quote-Be-like-Water.jpg
GovTech 2017
<<INSERT DIAGRAM ABOUT TRADITIONAL DATA CENTER SUCCESS>>
http://agilebrick.com/images/agile-process-1.png
GovTech 2020s
<<INSERT DIAGRAM ABOUT CIS 20 CONTROLS SUCCESS>>
http://wyzguyscybersecurity.com/wp-content/uploads/2016/10/20-cis-controls.png
Software
Water
Everyone needs water.
“Software is eating the world.”
- Marc Andreessen
http://angrytrainerfitness.com/wp-content/uploads/2012/05/Drinking-Water.jpg
https://mattermark.com/wp-content/uploads/2015/06/startups.jpg
● Speak the language
● Understand the process
● Be involved and use tools to create tickets
● Be involved to develop and resolve the defects
Developers want
1. To create new features
2. Secure the application
SPRINT!
Sprint Planning
Actual Software development
Code review + Merge to dev
QE and Security Testing
End of sprint
Checkmarx
TwistLock
Nessus
etc...
Developers want
1. Freedom to innovate
2. Speedy delivery
3. Access to build tools
4. To manage their own resources
● Virtual Machines
● Cloud
● Deployment / Build Tools
● Laptops
● Phones
● Network APs
● Chat Messengers
● ...
Securing the Environment
● Make sure to have logging and visibility
● Communicate and understand the risks
● Tasks can be part of the Sprint too!
Software
Water
http://us.123rf.com/450wm/anawat/anawat1509/anawat150901245/45074411-scientist-with-equipment-and-science-experiments-laboratory-glassware-containing-chemical-liquid-sci.jpg?ver=6
https://upload.wikimedia.org/wikipedia/commons/thumb/6/64/Coding_Shots_Annual_Plan_high_res-5.jpg/300px-Coding_Shots_Annual_Plan_high_res-5.jpg
http://www.aboriginalaccess.ca/sites/aboriginalaccess.ca/files/img/hero/civil-eng-water-resource.jpg
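Human_Security_as_Code.rb

# 'devsecops' is the slide's tongue-in-cheek library, not a real gem, so the
# require stays commented out and get_my_role is a stub for illustration.
# require 'devsecops'

def get_my_role
  'developer' # stub: put your own role(s) here
end

# Builds the to-do list for whichever roles appear in the role string.
def get_to_do_list(role)
  todo = ''
  todo += 'Learn about security;' if role.include?('developer')
  todo += 'Learn about development;' if role.include?('security_eng')
  todo += 'Define processes and get metrics;' if role.include?('manager')
  todo += 'Educate and hire people;' if role.include?('sole_security_guy')
  todo
end

puts get_to_do_list(get_my_role)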
Developers want
● Fast
● Built-In Security
● Automated
● Ease of use
● Not to be blocked
Securing the Human
Securing the Human - BJ Fogg Model
http://www.behaviormodel.org/index_files/bj-fogg-behavior-model-grapic.jpg
https://cdn.motivationgrid.com/wp-content/uploads/2014/02/Bruce-Lee-Quote-Knowing-is-not-Enough.jpg