This video was recorded at GOTO London 2015.
http://gotoldn.com

Michael Brunton-Spall - Senior Technical Architect at The Government Digital Service

A revolution has taken place in the world of operations, and the effects are spreading. Gone or going are the days of change control notices and weekly control boards that sit in judgement on each production change. Improved communication between operations and the business means that responsiveness and business agility are becoming the bywords for many enterprises.

Download slides and read the full abstract here:
http://gotocon.com/goto-london-2015/#!#schedulePopupExtras-6998

RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • https://amzn.to/2U8iLY2

TIMECODES
0:00 Introduction
0:53 Government Digital Service
3:58 The state of information security in 2015
4:39 Approval to operate
4:45 Accreditation
5:15 Certification
5:39 Traditional model
9:08 Agile changes everything
9:36 Focus on flow and cycle time
11:07 A security nightmare!
11:13 A brave new world for security
11:18 Security needs to be an enabler
12:00 Biggest consistent finding?
13:35 Principles over rules
13:47 The UK Government published 8 principles
14:17 Accept uncertainty
14:34 Security as part of the team
15:07 Understand the risks
16:14 Trust decision making
16:38 Security is part of everything
16:48 User experience is important
17:30 Audit decisions
18:06 Understand big picture impact
18:46 Choose security model that's appropriate
19:22 Understand the threats
20:32 Educate decision makers to risks
20:47 Make risk decisions, per story, in the team
21:13 What do you do about it?
21:38 Transfer
21:58 Mitigate
23:06 Deter, Detect, Prevent
23:19 Reactive countermeasures
23:22 Correct, Respond, Recover
23:34 Traditional security people understand this
24:04 Misuse cases
24:33 Attack trees
24:54 Red teams
25:00 Automated penetration testing
25:36 Automated Integrated Repeatable