DevSecOps and Secure Incident Response @QuintessenceAnx Developer Advocate @ PagerDuty

Don’t panic

The Now

Software Development Life Cycle

Vault over “The Wall” for Security Review

Software Development Life Cycle Security

🤔

DevSecOps

What is DevSecOps?

DevSecOps stands for development, security, and operations. DevSecOps seeks to integrate security across the SDLC and streamline the workflows between dev, sec, and ops.

What DevSecOps is not

DevSecOps is not replacing security with dev and/or ops, or expecting dev and/or ops to become security specialists, or expecting security to become devs and/or ops.

Phew.

How?

The Secure SDLC + Shifting Left

SecOps Activities
• Secure architecture / design
• Threat modeling
• Testing, e.g. SAST and DAST
• Scanning images and dependencies
• Fuzzing
• And more!

Shift Left

How?

Cultural Support

Humans.

Sharp end: High Risk, Low Power
Blunt end: Low Risk, High Power

Exec Buy-in

Never trick staff, ever.

Training

Full Service Ownership

Capture the Flag

Threat Modeling

🚨

Secure Incident Response

  1. Stop the attack in progress.
  2. Cut off the attack vector.
  3. Assemble the response team.
  4. Isolate affected instances.
  5. Identify timeline of attack.
  6. Identify compromised data.
  7. Assess risk to other systems.
  8. Assess risk of re-attack.
  9. Apply additional mitigations, make changes to monitoring, etc.
  10. Forensic analysis of compromised systems.
  11. Internal communication.
  12. Involve law enforcement.
  13. Reach out to external parties that may have been used as vector for attack.
  14. External communication.

Stop the attack in progress

Cut off the attack vector

Assemble the response team

Isolate the affected instances

Identify timeline of the attack

Identify compromised data

Assess risk to other systems

Assess risk of re-attack

Apply additional mitigations, additions to monitoring, etc.

Forensic analysis of compromised systems

Internal communication

Involve law enforcement

Reach out to external parties that may have been used as attack vectors

External communication

Resources & References noti.st/quintessence

Questions? Quintessence Anx Developer Advocate noti.st/quintessence
