Leaving Gorams Cave

Leaving Gorams Cave

This is the talk that I gave throughout 2014. This was our 'watershed' moment of do we fit from IT Security at Scale.

E723a33d80fb7795bb9b514c2a558ff1?s=128

mosesrenegade

April 05, 2014
Tweet

Transcript

  1. 1.

    T H E R E T U R N O

    F T H E … 2 0 1 4
  2. 2.

    - M O S E S H E R N

    A N D E Z “The views expressed here are my own and do not necessarily represent the views of my employers.”
  3. 3.

    - W. E D WA R D S D E

    M I N G “It is not necessary to change. Survival is not mandatory.”
  4. 4.

    M O S E S H E R N A

    N D E Z W W W. M O S E S . I O I W O R K [ @ ] C I S C O * T H I S I S W H AT I G O T F O R C H R I S T M A S # > . / W H O A M I
  5. 6.

    H T T P : / / E N .

    W I K I P E D I A . O R G / W I K I / S O F T WA R E _ D E P L O Y M E N T Software deployment is all of the activities that make a software system available for use.
  6. 7.

    D E P L O Y S : T H

    E N U M B E R S 50-60 a day in 2011. 500-700 a day in 2012.
  7. 10.

    H T T P : / / W W W.

    C H R O M I U M . O R G / D E V E L O P E R S / T E S T I N G / C H R O M I U M - B U I L D - I N F R A S T R U C T U R E / T O U R - O F - T H E - C H R O M I U M - B U I L D B O T A N E X A M P L E O F C O N T I N U O U S T E S T I N G …
  8. 11.

    How

  9. 12.

    W O R K I N G T O G

    E T H E R D E V + O P S
  10. 13.

    T H E A R M S R A C

    E Culture People > Tools Velocity Time to Market
  11. 14.

    C U LT U R E E X A M

    P L E A C C O U N TA B I L I T Y
  12. 15.
  13. 16.

    T H E N E W B L A C

    K #!/usr/bin/env {ruby|python|erlang|java}
  14. 17.
  15. 18.

    - S O M E P O O R P

    O O R C S O “Did someone just hack us for the “LulZ”?”
  16. 20.

    T H E S I L O S T H

    AT B R I N G U S H E R E F E I F D O M S
  17. 22.

    N E T W O R K O S A

    P P P L AT F O R M O P E R A T I O N A L I Z I N G S E C U R I T Y
  18. 23.

    T H E F O U N D AT I

    O N O F T H E E N T I R E S Y S T E M N E T W O R K S E C U R I T Y
  19. 24.

    E V E RY T H I N G R

    U N S O N A K E R N E L O S S E C U R I T Y
  20. 25.

    A P P S = = D ATA = =

    C U S T O M E R S = = W H AT W E P R O T E C T A P P S E C U R I T Y
  21. 26.

    A S Y S T E M O F N

    E T W O R K S , O S ’ S , A N D A P P S . P L A T F O R M S E C U R I T Y
  22. 28.

    B E A U T I F U L A

    R E N ' T T H E Y. S I L O S
  23. 29.

    T H E C U R S E O F

    S AY I N G N O . S T U C K I N T I M E
  24. 30.

    T R U S T B U T V E

    R I F Y A U D I T I N G
  25. 31.

    - C H A D D I C K E

    R S O N , C T O E T S Y “We actually trust people” *
  26. 33.

    W E D O N ’ T M E A

    S U R E … You can not fix it, if you cannot measure it.
  27. 35.

    A U T O M AT I O N C

    O N F I G M A N A G E M E N T M A C H I N E L E A R N I N G C O N T I N U O S D E P L O Y M E N T T R E N D S
  28. 36.

    A U T O M AT I O N The

    rise of the machines part I
  29. 37.

    C O N F I G M A N A

    G E M E N T I N F R A S T R U C T U R E A S C O D E
  30. 38.

    W H Y D O W E N E E

    D T O C H A N G E
  31. 41.

    A L L A U T O M AT E

    D A N D E L A S T I C Systems that build an environment that run a platform.
  32. 43.

    T H E G O A L O F C

    O N T I N U O U S D E L I V E RY Everything is always green!
  33. 44.

    C O N S TA N T F U Z

    Z I N G (http://blog.chromium.org/2012/04/ fuzzing-for-security.html)
  34. 45.

    O P P O R T U N I T

    Y SDN + Security OSINT Data Driven Security
  35. 46.

    H O W D I D W E G E

    T H E R E C A L L T O A C T I O N
  36. 48.

    C I S C O A N D O P

    E N S TA N D A R D S • Does Cisco do Open Source or Open Standard Support? • EIGRP: http://tools.ietf.org/html/draft-savage-eigrp-00 • HSRP: http://datatracker.ietf.org/doc/rfc2281/ • Lawful Intercept: http://datatracker.ietf.org/doc/rfc3924/