Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Fast-tracking DevSecOps Maturity With Security ...

Kennedy Torkura
July 01, 2023
Technology
0
300

Fast-tracking DevSecOps Maturity With Security Chaos Engineering

💥 Fast-tracking DevSecOps Maturity With SCE 💥

🔥 Maturity is important in all facets of life, including technology.
So how do you gauge the maturity of your DevSecOps strategy?

➡ Enter the DevSecOps maturity models. What are they?

"A maturity model is a tool that helps people assess a person's or group's current effectiveness and supports figuring out what capabilities they need to acquire next to improve their performance."

- Martin Fowler

🔥 Three important questions that a DevSecOps maturity model helps in figuring out.

1️⃣ What is your level of DevSecOps Maturity?

2️⃣ Where is your desired level of DevSecOps maturity?

3️⃣ How do you get there?

➡ The Datadog DevSecOps Maturity Model and the Amazon Web Services (AWS) Security Model are two maturity models to consider within the scope of DevSecOps/SecOps

➡ Amongst many other recommendations for maturing DevSecOps, security chaos engineering is recommended in these two models.

Why is that important?

➡ It boils down to one thing -> cyber resilience.

🔥 The inevitability of cyber attacks implies the importance of adequate anticipation and preparation. It calls for striking a sensible balance between attack prevention, detection, and response. Unlike popular opinion, this does not connote negativity; rather, it allows for sufficient opportunities to respond in ways that thwart attacks while ensuring minimal impact on business operations.

➡ What are your thoughts about DevSecOps/Security maturity models? Are there other relevant models out there that might be useful?

Kennedy Torkura

July 01, 2023
Tweet

More Decks by Kennedy Torkura

See All by Kennedy Torkura
The Cyber Resilience Chasm
ktorkura
0
25
Outcome vs Output Security Approaches
ktorkura
0
190
Cloud Attack Emulation for Mere Mortals
ktorkura
0
90
Enhancing Cloud Detection & Response with Security Chaos Engineering
ktorkura
0
49
CERT Resilience Management Model
ktorkura
0
80
Security Experimentation Builds Resilience
ktorkura
0
27
Security Chaos Engineering for Fun & Profit
ktorkura
0
43
Risk Driven Fault Injection
ktorkura
0
87
Chaos_Engineering_for_Cloud_Native_Security.pdf
ktorkura
0
92

Other Decks in Technology

See All in Technology
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
신뢰할 수 있는 AI 검색 엔진을 만들기 위한 Liner의 여정
huffon
0
340
スプリントゴールにチームの状態も設定する背景とその効果 / Team state in sprint goals why and impact
kakehashi
2
100
APIテスト自動化の勘所
yokawasa
7
4.2k
生成AIの強みと弱みを理解して、生成AIがもたらすパワーをプロダクトの価値へ繋げるために実践したこと / advance-ai-generating
cyberagentdevelopers
PRO
1
180
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.6k
わたしとトラックポイント / TrackPoint tips
masahirokawahara
1
240
Forget efficiency – Become more productive without the stress
ufried
0
140
[JAWS-UG金沢支部×コンテナ支部合同企画]コンテナとは何か
furuton
3
250
チームを主語にしてみる / Making "Team" the Subject
ar_tama
4
310
一休.comレストランにおけるRustの活用
kymmt90
3
580

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
1
40
Designing on Purpose - Digital PM Summit 2013
jponch
115
6.9k
Designing for Performance
lara
604
68k
The Power of CSS Pseudo Elements
geoffreycrofte
72
5.3k
Designing the Hi-DPI Web
ddemaree
280
34k
KATA
mclloyd
29
13k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k

Transcript

  1. Fast-tracking DevSecOps Maturity With Security Chaos Engineering

  2. Source: Datadog DevSecOps Maturity Model - DevSecOps Maturity Model White

    Paper | Datadog (datadoghq.com) Three Important Questions About DevSecOps Maturity 1 . What is your level of DevSecOps Maturity ? 2. Where is your desired level of DevSecOps maturity ? 3. How do you get there ?

  3. Technical leaders need a Maturity Model to answer those three

    questions.

  4. “A maturity model is a tool that helps people assess

    the current effectiveness of a person or group and supports figuring out what capabilities they need to acquire next in order to improve their performance.” - Martin Fowler MaturityModel (martinfowler.com)

  5. A Quick Look At Two Relevant Security Maturity Models

  6. Maturity Model 01 : Datadog DevSecOps Maturity Model Datadog DevSecOps

    Maturity Model - DevSecOps Maturity Model White Paper | Datadog (datadoghq.com) Identifies four stages of maturity across six major competency areas

  7. Security Chaos Testing is a Requisite For the Operate Competency

    Across Intermediate, Advanced & Expert Maturity Stages Datadog DevSecOps Maturity Model - DevSecOps Maturity Model White Paper | Datadog (datadoghq.com)

  8. The AWS Security Maturity Model is Organized in Phases. AWS

    Security Maturity Model - Home :: AWS Security Maturity Model Maturity Model 02: The AWS Security Maturity Model

  9. Security Chaos Engineering Is Recommended Under Phase 4. This is

    critical for enabling cyber resilience AWS Security Maturity Model - Home :: AWS Security Maturity Model

  10. What is the Value Props of Security Chaos Engineering for

    DevSecOps? Spoiler Alert : The value proposition is generally applicable to other cyber security domains. Security Chaos Engineering 101: The Mind Map & Feedback Loop (mitigant.io)

  11. DORA Metrics • Deployment Frequency • Lead time for changes

    • Time to restore service • Change failure rate State of the DevOps Report DORA 2022 Accelerate State of DevOps Report now out | Google Cloud Blog These metrics are indicative low, medium and high performing teams.

  12. Security Chaos Engineering Leads to Cyber Resilience Leveraging Security Chaos

    Engineering for Cloud Cyber Resilience - Part I (mitigant.io) High performing security engineering teams are cyber resilient.

  13. Seamlessly Fast-track Your DevSecOps Maturity With The Mitigant Security Chaos

    Engineering Platform Cloud Immunity | Mitigant https://mitigant.io We are here to support you. Be Secure. Be Resilient.