Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Continuous Security
Search
Laura Bell
September 01, 2015
Technology
1.2k
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Continuous Security
Presented at AgileNZ by Laura Bell
Laura Bell
September 01, 2015
More Decks by Laura Bell
See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
300
Hackcon 11 - Protecting our people
ladynerd
0
260
Security in a container based world
ladynerd
0
170
Securing Microservice Architectures
ladynerd
2
370
Better Connected
ladynerd
0
84
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.8k
Blindsided by security
ladynerd
0
150
Practical tools for privacy audit
ladynerd
0
230
For the greater good? Open sourcing weaponisable code
ladynerd
1
350
Other Decks in Technology
See All in Technology
Mastraエージェント、どのクラウドにデプロイする?
minorun365
PRO
2
160
AIに障害切り分けを全部やってもらった。 。 。 。
estie
0
350
背中から、背中へ /paying forward to community
naitosatoshi
0
220
そのハーネス、本当に境界になっていますか? AIエージェント時代の実行環境設計【MEGU-Meet #4】
cscengineer
PRO
0
110
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
150
CVE-2026-20833_脆弱性対応とAES 化について
jukishiya
0
360
プライバシー保護の理論と実践
lycorptech_jp
PRO
1
240
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
130
打造你的 AI 工作流:Agent Skill + MCP 實戰工作坊
appleboy
0
530
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
1
210
從觀望到全公司落地:AI Agentic Coding 導入實戰 — 流程整合與安全治理
appleboy
1
770
完全自律ロボットを作りたくて、先に開発を自律させた話(ROS Japan UG #63 LT)
rryz09
0
120
Featured
See All Featured
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
380
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
170
For a Future-Friendly Web
brad_frost
183
10k
Automating Front-end Workflow
addyosmani
1370
210k
Measuring Dark Social's Impact On Conversion and Attribution
stephenakadiri
2
230
Ruling the World: When Life Gets Gamed
codingconduct
0
270
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.5k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
23k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
38
2.9k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.3k
Believing is Seeing
oripsolob
1
160
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
220
Transcript
Continuous Security Laura Bell SafeStack
Con$nuous Security Laura Bell F O U N D
E R & L E A D C O N S U LTA N T S A F E S TAC K @ l a d y _ n e rd l a u r a @ s a fe s t a c k . i o
once upon a $me*… * Some'me in the last week
for some of you
and the whole world went to hell
common misconcep$ons
it’s not my job (that’s why we have a
security team)
it’s impossible so why try
we’ve always done this… nobody’s hacked us yet
we’re too li@le to fail (at security)
agility increases risk
what is con$nuous security?
design code stuff idea test deploy
design code stuff idea test deploy
Ini'al Risk Assessment Design Review Code and Implementa'on Review Penetra'on Tes'ng
None
con$nuous
principles of con$nuous security
automated autonomous integrated repeatable scalable
automated “the best technical people I know work really
hard to make themselves redundant”
Deployment Provisioning Tes$ng Sta$c analysis Vulnerability mgmt
autonomous “no boMlenecks, breakdowns or ripples”
None
Skills Authority Accountability every team
integrated “bite-‐sized security that works with every step of
your lifecycle”
None
Woven in to keep you going Respected enough to stop
you
repeatable “security fails when it’s a special event”
Every story Every sprint Every developer Every $me
Standard Security Stories h@p:/ /www.safecode.org
scalable “more than just a single team experiment”
Business as usual Managed Measured Controlled Universal Special Proof of
concept Blue sky Experiment Innova$on
Case Study
Fast growing 110 developers Compliance environment New
code Legacy code Mul$ple languages
Requirements Standard Security Stories Architecture Inclusion Reusable
requirements
Code review IDE based free tools Peer Review Security guild
Tes$ng Automated ZAP tes$ng Selenium Standard security tests
Deployment Vulnerability checks Infrastructure as code On demand deployments
Collabora$on Security guild Chat ops Hack events
Good stuff speed of change skill level increase increased
awareness priority of legacy use of security resource
Lessons learned security guilds tool cost tool quality approaches training
at scale
achieving con$nuous security
choose tools wisely integra$ons with workflows, API, speed
easy to digest resources keep your examples, templates and
reusable stuff as close to your developers as possible
educate everyone skills are the number one bo@leneck
give testers some love test environments, clean test data
and tools
no special treatment legacy code needs security too
dev == test == prod remove the differences to
remove deployment complexity
Ques$ons? Laura Bell F O U N D E R
& L E A D C O N S U LTA N T S A F E S TAC K @ l a d y _ n e rd l a u r a @ s a fe s t a c k . i o
@lady_nerd Laura Bell SafeStack Thanks for listening…