Leaving Gorams Cave

This is the talk that I gave throughout 2014. This was our 'watershed' moment of do we fit from IT Security at Scale.

mosesrenegade

April 05, 2014

Transcript

  1. THE RETURN OF THE … 2014
  2. - MOSES HERNANDEZ “The views expressed here are my own and do not necessarily represent the views of my employers.”
  3. - W. EDWARDS DEMING “It is not necessary to change. Survival is not mandatory.”
  4. MOSES HERNANDEZ www.moses.io I WORK [@] CISCO * THIS IS WHAT I GOT FOR CHRISTMAS #> ./WHOAMI
  5. The industry today.

  6. http://en.wikipedia.org/wiki/software_deployment Software deployment is all of the activities that make a software system available for use.
  7. DEPLOYS: THE NUMBERS 50-60 a day in 2011. 500-700 a day in 2012.
  8. “Hundreds” a day. DEPLOYS
  9. 50M+ tests. DEPLOYS
  10. http://www.chromium.org/developers/testing/chromium-build-infrastructure/tour-of-the-chromium-buildbot AN EXAMPLE OF CONTINUOUS TESTING …
  11. How

  12. WORKING TOGETHER DEV + OPS
  13. THE ARMS RACE Culture People > Tools Velocity Time to Market
  14. CULTURE EXAMPLE ACCOUNTABILITY
  15. Measure

  16. THE NEW BLACK #!/usr/bin/env {ruby|python|erlang|java}
  17. None
  18. - SOME POOR POOR CSO “Did someone just hack us for the “LulZ”?”
  19. INFOSEC PANIC
  20. THE SILOS THAT BRING US HERE FIEFDOMS
  21. LAYER CAKE
  22. NETWORK OS APP PLATFORM OPERATIONALIZING SECURITY
  23. THE FOUNDATION OF THE ENTIRE SYSTEM NETWORK SECURITY
  24. EVERYTHING RUNS ON A KERNEL OS SECURITY
  25. APPS == DATA == CUSTOMERS == WHAT WE PROTECT APP SECURITY
  26. A SYSTEM OF NETWORKS, OS’S, AND APPS. PLATFORM SECURITY
  27. Companies that develop platforms first, will have an advantage in their space.
  28. BEAUTIFUL AREN'T THEY. SILOS
  29. THE CURSE OF SAYING NO. STUCK IN TIME
  30. TRUST BUT VERIFY AUDITING
  31. - CHAD DICKERSON, CTO ETSY “We actually trust people” *
  32. Auditors are trained NOT to trust people.

  33. WE DON’T MEASURE… You can not fix it, if you cannot measure it.
  34. The return of the jedi

  35. AUTOMATION CONFIG MANAGEMENT MACHINE LEARNING CONTINUOUS DEPLOYMENT TRENDS
  36. AUTOMATION The rise of the machines part I
  37. CONFIG MANAGEMENT INFRASTRUCTURE AS CODE
  38. WHY DO WE NEED TO CHANGE
  39. COREOS Bleeding Edge Example
  40. COREOS Linux kernel + systemd + docker
  41. ALL AUTOMATED AND ELASTIC Systems that build an environment that run a platform.
  42. CULTURE Security becomes everyone's problem ‘Accountability’
  43. THE GOAL OF CONTINUOUS DELIVERY Everything is always green!
  44. CONSTANT FUZZING (http://blog.chromium.org/2012/04/fuzzing-for-security.html)
  45. OPPORTUNITY SDN + Security OSINT Data Driven Security
  46. HOW DID WE GET HERE CALL TO ACTION
  47. Thanks www.cisco.com/go/security www.moses.io moses@cisco.com @mosesrenegade

  48. CISCO AND OPEN STANDARDS
    • Does Cisco do Open Source or Open Standard Support?
    • EIGRP: http://tools.ietf.org/html/draft-savage-eigrp-00
    • HSRP: http://datatracker.ietf.org/doc/rfc2281/
    • Lawful Intercept: http://datatracker.ietf.org/doc/rfc3924/