Trinh Tran & Dennis Stötzel
Are you trying to stay secure while developing and running a bunch of services and applications every day? So are we and it’s a huge pain in the… pipeline. We have been juggling these aspects while working with one of the biggest insurance companies in the world.
In this talk, we will share our experiences of the last three years: Trinh, as a software engineer in Vietnam and Dennis, as a security engineer in Germany. We will present our experiences of making "dev", "sec" and "ops" coexist – without sparing any dirty details. Our goal has always been fast delivery and secure applications using pipelines, containers, orchestration, and the cloud. Let us explain which of these goals we have met and which remain goals, where we messed up and where we found glory.
We will cover the following topics in our talk:
* Evolution of our project, from beginning with four engineers running in one office, to expanding to fifty engineers coming from three continents and different backgrounds,
* Development, delivery and security as a requirement in an agile project,
* The good, the bad and the ugly in technology, architecture and infrastructure.
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wild? - A real world case study
1. Singapore | 28 Feb - 01 Mar 2019
Can dev, sec and ops really coexist
in the wild?
A real world case study
TRÌNH ĐỨC TRẦN & DENNIS STÖTZEL
2. Singapore | 28 Feb - 01 Mar 2019
TRÌNH ĐỨC TRẦN
trinh.duc.tran@mgm-tp.com
www.linkedin.com/in/tranductrinh/
DENNIS STÖTZEL
dennis.stoetzel@mgm-sp.com
https://www.linkedin.com/in/dennis-
stötzel-669421167/
3. Singapore | 28 Feb - 01 Mar 2019
•CONTENT
Introduction & Business Case
Security in Agile Processes
Automated Testing
Architecture Decisions
27. Singapore | 28 Feb - 01 Mar 2019
Performance testing
FrontendFrontendFrontendFrontendFrontendFrontendFrontendFrontendFrontendSales
Platform
Back Office
41. Singapore | 28 Feb - 01 Mar 2019
3rd party frameworks lead to faster
features but painfully slow fixing of
bugs and security issues.
LESSON LEARNED
42. Singapore | 28 Feb - 01 Mar 2019
The more stakeholders are involved the
more dev and sec work becomes politics.
LESSON LEARNED
43. Singapore | 28 Feb - 01 Mar 2019
Make boring dev tasks more spicy by
combining them with ops work.
LESSON LEARNED