characteristics of a devops culture change
TRANSCRIPT
Certified DevOps Engineer with over 11 + years of hands on experience in architecting / automating and optimizing the mission critical application and deployments over large scale infrastructures.
Proficient with Configuration Management tools and in developing the CI/CD Pipelines across Enterprise grade applications.
MICROSOFT AZURE DEVOPS ENGINEER EXPERT Certified from Microsoft Corp.
Certified SRE & SAFE4 DevOps practitioner for Large Enterprises.
Subramani: DevOps Expert
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
3
Making Most Of Training
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
4
Getting Help
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
5
Making Best of Your Training
⮚ Live Interactive Session⮚ FREE Unlimited Retake for Next 1 Years
⮚ FREE On-Job Support for next 1 Years
⮚ Ask Questions & Make Session Interactive
⮚ Add Yourself in WhatsApp Group
⮚ Live Session Details http://k21academy.com/live
⮚ Ask as Many Questions as you can & make session interactive
⮚ Do Lots of Hands-On
⮚ Learn at your own Pace & Look How Far You have come
⮚ Share WIN
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
6
Agenda: Module
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
8
Golden Circle of DevOps
Shift Lift Strategies
Rugged DevOps
DevSec Ops
DevChat Ops
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
10
Purpose, Cause, BeliefReason organization exists
What Sets you apart
Products and services
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
11
The WHY?
The HOW?
The WHAT?
Supported by Learning and Growth
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
13
DevOps – Shift Strategies
Golden Circle of DevOps Test driven
development (TDD)
Performance testing
End-to-end use-case testing
Security testing
Manual testing
Testing in production
“Shifting left” is about building quality into the software development process. When you shift left, fewer things break in
production, because any issues are detected and resolved earlier.
Shift Left
Shift Right
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
15
Rugged DevOps
Rugged DevOps is a method that includes security practices as early in the continuous delivery pipeline as possible to increase cybersecurity, speed,
and quality of releases beyond what DevOps practices can yield alone
Rugged software development is a cultural approach to
creating available, survivable, defensible, secure, and
resilient software
Rugged organizations are comfortable with
instrumentation, experimentation and experience
It is not the same as DevSec Ops but related
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
16
Rugged DevOps Bigger Questions?
IS MY PIPELINE CONSUMING THIRD-
PARTY COMPONENTS, AND IF SO, ARE THEY
SECURE?
ARE THERE KNOWN VULNERABILITIES
WITHIN ANY OF THE THIRD-PARTY
SOFTWARE WE USE?
HOW QUICKLY CAN I DETECT
VULNERABILITIES (TIME TO DETECT)?
HOW QUICKLY CAN I REMEDIATE IDENTIFIED VULNERABILITIES (TIME
TO REMEDIATE)?
Security practices need to be as good and quick at detecting
potential security anomalies as other parts of the DevOps pipeline,
including infrastructure automation and code development.
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
18
The purpose and intent of DevSec Ops is to build on the mindset that "everyone is responsible
for security" with the goal of safely distributing security decisions at speed and scale to those who
hold the highest level of context without sacrificing the safety required
DevSec Ops
Introduces security as a code Embraces the “shift left” testing strategy Leverages automation for resilience, testing,
detection and audit
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
19
Why Needed?
The IT infrastructure landscape has
undergone exponential changes over the past
decade. The shift to agile cloud computing platforms, shared
storage and data, and dynamic applications has brought huge benefits to organizations looking to thrive and grow through
the use of advanced applications and services.
DevSecOps was introduced into
the software development
lifecycle to bring development,
operations and security
together under one umbrella.
Making security an equal consideration alongside
development and operations is a must for any organization
involved in application development and
distribution. When you integrate DevSecOps and
DevOps, every developer and network administrator has security at the front of their mind when developing and
deploying applications.
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
20
How to achieve?
1. A developer creates code within a version control management system.
2. The changes are committed to the version control management system.
3. Another developer retrieves the code from the version control management system and carries out analysis of the static code to identify any security defects or bugs in code quality.
4. An environment is then created, using an infrastructure-as-code tool, such as Chef. The application is deployed and security configurations are applied to the system.
5. A test automation suite is then executed against the newly deployed application, including back-end, UI, integration, security tests and API.
6. If the application passes these tests, it is deployed to a production environment.
7. This new production environment is monitored continuously to identify any active security threats to the system.
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
21
Categories of Dev-Sec-Ops
Code Security
Build Security
Artifact Security
Container Security
Architecture Security
Release Security
Open source Security
Software Security
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
23
DevChat Ops
Chat clients + chat bots = conversation-drivendevelopment, delivery and support
The Transparency of ChatOps shortens feedback loops, improves information sharing, enhances team collaboration and enables
cross-training. It can also be used to decrease MTTR.
https://www.facebook.com/K21Academy
http://twitter.com/k21Academy
https://www.linkedin.com/company/k21academy
https://www.youtube.com/k21academy
https://www.instagram.com/k21academy
https://k21academy.com/youtube © Copyright 2020 | K21 Academy | All Rights Reserved
24
Find Us