Steven Woodward CCSK, CFPS, CSQA
steve@cloud-perspectives.com
613-698-5240
www.cloud-perspectives.com
DevSecOps Days – October 1 2020
Software Engineering Institute
Carnegie Mellon University
Intro
Context Is Everything
Goals, Objectives, Outcomes
Why Standardization Matters
DevSecOps and Metrics
Closing Perspectives and Context
ISO/IEC – JTC1 Member, liaison between SC7 Systems & Software and SC38 Cloud & Distributed Systems (SLAs, Connectivity, DevOps)
IEEE 2675 DevOps and DevSecOps
IEEE P2302 with NIST - Cloud Federation
IEEE 2430 – Non-Functional Sizing
IFPUG – (software sizing) - Former Standards Chair & Director
NIST - Lead Cloud Audit and Carrier
Cloud Security Alliance – Standards Committee & DevSecOps & Director
OMG CSCC - Lead Metrics, Roles, Resources
Standards Council of Canada (Ethics, Data Governance, GDPR)
Collaboration between various SDOs and communities
0 – Deterrent
300 LB Bear…136 KG (estimated)
20 meters distance to bear (approx. 21 yards)
75 yards (68.58 meters) they feel disrupted
Shed 10 meters away (10 yards)
Our Car 150 meters away (160 yards)
Bear can run at 22 MPH (35.4 KPH)
Estimate I can run at 15 KPH (10 MPH)
How fast can my wife run?
Slow delivery of “value” to customers
Detected malware 8 months after it was installed
Sensitive healthcare data of 5000 patients was stolen 6 months ago
Customers are cancelling services
IT spending is higher than allocated
Business benefits/ value unrealized
Detect malware within 1 hour of deployment
Reduce costs per feature delivered
Reduce overall total cost of ownership
Reduce average number of “server hops”
Improve defect removal efficiency
Increase user/ customer efficiency
Rapid automation of wrong things faster
Faster delivery of defect-prone software
Faster delivery of unsecure software
Faster delivery of software that doesn’t satisfy user needs
Faster delivery of the wrong software
Faster delivery/ deployment of expensive services to operate and govern
Trend Analysis (reflection)
Comparative Analysis (selection/decisions)
Communication
Standards Support Business and Enabling Metrics
Revenue
Expenses
# Complaints Resolved
# Customers Served
Average Time to Sale
# Customers PII Stolen
Response Time
System Availability
TB Data Stored
Mean Time to Restore
$/ FP Developed
$/ FP Supported
# Deployments/ Month
Availability of Service
Number of Server Hops
Storage Incidents
Number of Instances
Bits per Second
Availability of Network Port
Business More Technical
International, Regional, Enterprise, Teams
Based on the United States DoD – Enterprise DevSecOps Reference Design
Alert
Trigger
Right Automation at the Right Time
[Chart: Cost versus Time, with the labels "$400K, +Risk" and "$200K, Less Risk"]
Building secured software is costly…
Cost of breaches can be much worse
Based on Galorath SEER-SEM Parametric Estimation Model
IDC Scalar Security Study 2019
◦ Average cost per organization responding to and recovering from cyber-security incidents?
◦ $4.8 to $5.8 Million Dollars
◦ Average organization attacked 440 times per year
Competent DevSecOps - Can reduce costs and risks for development and support
Don’t Measure to Measure
Recognize what you measure impacts behavior (positive or negative)
Check for abuse
Standardize so precision is fit for purpose
Educate through supply chain
Incremental and value focus
Driverless cars
IoT
Artificial Intelligence
Microservices
Analytics/Big Data
Blockchain (distributed ledgers)
Twitter: @woodwardsystems or @cloudsimplify
www.cloud-perspectives.com
613-698-5240