Tony Rice

Tony Rice Senior'Applica-on'Security'Engineer,'Cisco'Systems' Security'at'the'Speed'of'DevOps' 2015 ''

2' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' TL;DR:'Agile'development'moves'too'fast,'hire'robots' Richard Sargent

3' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Agile'vs.'Waterfall' Sprint'2' Waterfall' Sprint'1' Sprint'3' “The Homer” courtesy
of Fox Backlog' Backlog' Backlog'

5' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Software Delivery Life
Cycle

6' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Cost to Fix
$1' $100V1000' $15' $30' Source: Software Engineering Economics, Barry W. Boehm

7' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Defect Introduction 30%'
18%' Source: Error Cost Escalation Through the Project Life Cycle, Stecklein, NASA/JSC

8' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Defect Discovery 86%'
Source: Software Engineering Economics, Barry W. Boehm

9' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' The'Solu-on' 1.  Introduce'fewer'bugs' 2.  Discover'them'earlier' xkcd#327'

10' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Defect Discovery Yesterday'
Tomorrow'

11' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Source NASA
JSC Send the Robots

13' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Manual Everything
✗ Code'merged'by'hand'(senior'developer)' ✗ Ad'hoc'manual'builds,'manual'tests' ✗ Measurement:'customer'complaints'

14' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Source NASA
JSC Hire a Chief Robot

15' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Continuous Integration
✔ Automated'builds' ✔ Automated'integra-on'tes-ng' Measurement:'build'quality'

16' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Secure by
Design ✔ Security'included'in'requirements' ✔ Common'security'libraries' Measurement:'adop-on'

17' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Vulnerability Scanning
✔ Automated'Vulnerability'Scanning' ✔ Code'quality'tests' Measurement:'vulnerability'counts'

The'shortest'feedback'loop'I' can'think'of'is'in'front'of'an' audience.' 'V'Demetri'Mar-n,'writer,'Late'Night'with'Conan'O’Brien'

19' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Developer Culture
Shift ✔ Test'driven'development,'unit'test'reuse ✔ Dynamic'&'Sta-c'Automated'Vulnerability'Scanning' ✔ Code'Review'/'Pair'Programming' Measurement:'vulnerability'counts,'code'review'records'

21' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Continuous Deployment
✔ Version'control'for'all'ar-facts ✔ Proac-ve'Monitoring' ✔ Stable,'reproducible'development'environment' Measurement:'deployments'per'day'

22' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Continuous Security ✔ Zero'manual'interven-on'from'checkVin'to'deployment' ✔ Only'inputs:'code,'conﬁgs'and'tests ✔ Development'priority'on'refactoring'legacy'code,'tests
Measurement:'code'coverage

23' ©'2015''Cisco'and/or'its'affiliates.'All'rights'reserved.'''Cisco'Public' •  Haskins,'Bill,'Joneje'Stecklein,'Brandon'Dick,'Gregory'Moroney,'Randy'Lovell,'and'James'Dabney.'" 8.4.2'Error'Cost'Escala-on'Through'the'Project'Life'Cycle."'INCOSE)Interna.onal)Symposium'14.1'(2004):'1723V737.'NASA) Technical)Reports)Server.'NASA'Johnson'Space'Center.'' •  Boehm,'Barry'W.'So<ware)Engineering)Economics.'Englewood'Cliffs,'NJ:'Pren-ceVHall,'1981.'ISBN'0138221227' •  Puppet'Labs.'State)of)DevOps)Report'(2014):.'
•  'Mar-n,'James.'An)Informa.on)Systems)Manifesto.'Englewood'Cliffs,'NJ:'Pren-ceVHall,'1984.'ISBN'0134647696.' ' Addi-onal'Reading'

Tony Rice

Tony Rice

Tony Rice

More Decks by Tony Rice

Other Decks in Technology

Featured

Transcript

Tony Rice Senior'Applica-on'Security'Engineer,'Cisco'Systems' Security'at'the'Speed'of'DevOps' 2015 ''

2' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' TL;DR:'Agile'development'moves'too'fast,'hire'robots' Richard Sargent

3' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Agile'vs.'Waterfall' Sprint'2' Waterfall' Sprint'1' Sprint'3' “The Homer” courtesy

5' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Software Delivery Life

6' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Cost to Fix

7' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Defect Introduction 30%'

8' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Defect Discovery 86%'

9' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' The'Solu-on' 1.  Introduce'fewer'bugs' 2.  Discover'them'earlier' xkcd#327'

10' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' Design' Coding' Test' Deploy' Defect Discovery Yesterday'

11' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Source NASA

13' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Manual Everything

14' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Source NASA

15' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Continuous Integration

16' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Secure by

17' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Vulnerability Scanning

The'shortest'feedback'loop'I' can'think'of'is'in'front'of'an' audience.' 'V'Demetri'Mar-n,'writer,'Late'Night'with'Conan'O’Brien'

19' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Developer Culture

20' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' TESTING TESTING!! xkcd#303'

21' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Requirements' &'Design' Coding' Integra-on' Test' Deploy' Continuous Deployment

22' ©'2015''Cisco'and/or'its'aﬃliates.'All'rights'reserved.'''Cisco'Public' Continuous Security ✔ Zero'manual'interven-on'from'checkVin'to'deployment' ✔ Only'inputs:'code,'conﬁgs'and'tests ✔ Development'priority'on'refactoring'legacy'code,'tests