Controlled Chaos: The Inevitable Marriage of DevOps & Security

Video Link: https://www.youtube.com/watch?v=fq-S9Cuf-F8



Duration: 54:06


Kelly Shortridge | VP of Product Strategy, Capsule8
Nicole Forsgren | Research & Strategy, Google Cloud
Location: South Pacific
Date: Wednesday, August 7 | 4:00pm-4:50pm
Format: 50-Minute Briefings
Tracks: Security Development Lifecycle, Applied Security

We've all heard "software is eating the world" – that most organizations are becoming software organizations in some form. In this new era, DevOps rises as the engine of the business, and organizations resisting its ascension empirically fall behind. Those in information security often view DevOps as demons by another name and assume that if they aren't a hyperscale tech organization, they can safely ignore these trends.

In reality, information security has a choice: marry with their DevOps colleagues and embrace the philosophy of controlled chaos, or eventually be shoved aside, descending into impotence and irrelevancy. In this session, we'll explain the basics of DevOps and the concepts of resilience and chaos engineering. Using large-scale survey data, we'll illuminate which factors determine whether an organization is "elite" in this software-dominant world. We'll then uncover how DevOps' priorities and goals aren't so dissimilar from modern infosec's goals.

We'll delve into implications for security programs, particularly the shift from security for its own sake to security as an enabler of business objectives. Then, we'll expose why chaos and resilience engineering represents the future of security programs – and why it catalyzes the dawn of defensive innovation. We'll show how chaos and resilience fit with the C.I.A. triad and why the D.I.E. triad of distributed, immutable, and ephemeral might be the model of the future. Focusing on practical implementation, we'll examine metrics, GameDays, and existing resiliency tools that security teams can adopt and extend to meet their goals.

Finally, we'll propose pragmatic approaches for security teams to make a marriage to DevOps last through a love of controlled chaos. We'll conclude by discussing partnership opportunities with DevOps to support the organization on its path to leetness – and to transform security from a frustrating cost center to a lean, mean, innovation machine.

Black Hat - USA - 2019 Hacking conference