Fast-tracking DevSecOps Maturity With Security Chaos Engineering

💥 Fast-tracking DevSecOps Maturity With SCE 💥

🔥 Maturity is important in all facets of life, including technology.
So how do you gauge the maturity of your DevSecOps strategy?

➡ Enter the DevSecOps maturity models. What are they?

"A maturity model is a tool that helps people assess a person's or group's current effectiveness and supports figuring out what capabilities they need to acquire next to improve their performance."

- Martin Fowler

🔥 Three important questions that a DevSecOps maturity model helps answer:

1️⃣ What is your level of DevSecOps Maturity?

2️⃣ Where is your desired level of DevSecOps maturity?

3️⃣ How do you get there?

➡ The Datadog DevSecOps Maturity Model and the Amazon Web Services (AWS) Security Model are two maturity models to consider within the scope of DevSecOps/SecOps.

➡ Amongst many other recommendations for maturing DevSecOps, security chaos engineering is recommended in these two models.

Why is that important?

➡ It boils down to one thing -> cyber resilience.

🔥 The inevitability of cyber attacks implies the importance of adequate anticipation and preparation. It calls for striking a sensible balance between attack prevention, detection, and response. Contrary to popular opinion, this does not connote negativity; rather, it allows for sufficient opportunities to respond in ways that thwart attacks while ensuring minimal impact on business operations.

➡ What are your thoughts about DevSecOps/Security maturity models? Are there other relevant models out there that might be useful?

Kennedy Torkura

July 01, 2023

Transcript

  1. Source: Datadog DevSecOps Maturity Model - DevSecOps Maturity Model White Paper | Datadog (datadoghq.com) Three Important Questions About DevSecOps Maturity 1. What is your level of DevSecOps Maturity? 2. Where is your desired level of DevSecOps maturity? 3. How do you get there?
  2. “A maturity model is a tool that helps people assess the current effectiveness of a person or group and supports figuring out what capabilities they need to acquire next in order to improve their performance.” - Martin Fowler MaturityModel (martinfowler.com)
  3. Maturity Model 01: Datadog DevSecOps Maturity Model Datadog DevSecOps Maturity Model - DevSecOps Maturity Model White Paper | Datadog (datadoghq.com) Identifies four stages of maturity across six major competency areas
  4. Security Chaos Testing is a Requisite For the Operate Competency Across Intermediate, Advanced & Expert Maturity Stages Datadog DevSecOps Maturity Model - DevSecOps Maturity Model White Paper | Datadog (datadoghq.com)
  5. The AWS Security Maturity Model is Organized in Phases. AWS Security Maturity Model - Home :: AWS Security Maturity Model Maturity Model 02: The AWS Security Maturity Model
  6. Security Chaos Engineering Is Recommended Under Phase 4. This is critical for enabling cyber resilience AWS Security Maturity Model - Home :: AWS Security Maturity Model
  7. What Are the Value Props of Security Chaos Engineering for DevSecOps? Spoiler Alert: The value proposition is generally applicable to other cyber security domains. Security Chaos Engineering 101: The Mind Map & Feedback Loop (mitigant.io)
  8. DORA Metrics • Deployment Frequency • Lead time for changes • Time to restore service • Change failure rate State of the DevOps Report DORA 2022 Accelerate State of DevOps Report now out | Google Cloud Blog These metrics are indicative of low, medium and high performing teams.
  9. Security Chaos Engineering Leads to Cyber Resilience Leveraging Security Chaos Engineering for Cloud Cyber Resilience - Part I (mitigant.io) High performing security engineering teams are cyber resilient.
  10. Seamlessly Fast-track Your DevSecOps Maturity With The Mitigant Security Chaos Engineering Platform Cloud Immunity | Mitigant https://mitigant.io We are here to support you. Be Secure. Be Resilient.