Explore DevSecOps transformation strategies in this 21-minute conference talk from USENIX Enigma 2018. Learn how global teams are scaling security out of necessity, discover common pitfalls to avoid, and gain insights into simple techniques for a smoother transition. Delve into topics such as the DevSecOps Maturity Model, understanding adversaries through data analysis, continuous security testing, and unifying security with DevOps practices. Gain valuable knowledge on categorizing tactics, applying funnel techniques, and implementing a security hierarchy of needs. Discover how to stay ahead of threats and join the DevSecOps community to further enhance your skills in creating safer software sooner.
Overview
Syllabus
Intro
What the heck is happening?
How hard could it be?
DevSecOps Maturity Model & Behaviors
Adversary Interest?
Apply funnel techniques to understanding adversaries
How do we understand adversaries?
Data provides a pane of glass
There are different levels of adversaries
Categorizing and Classifying Tactics
Converting to Human/DevOps
Continuous Security Testing
Assists with getting ahead and staying ahead
Unifying security with DevOps...
Security Hierarchy of Needs at RSA
Full Stack Attack at RSA
DevSecOps Lessons at OWASP
Get Involved and Join the Community
Taught by
USENIX Enigma Conference
