Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Continuous Security
Search
Laura Bell
September 01, 2015
Technology
1.2k
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Continuous Security
Presented at AgileNZ by Laura Bell
Laura Bell
September 01, 2015
More Decks by Laura Bell
See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
300
Hackcon 11 - Protecting our people
ladynerd
0
260
Security in a container based world
ladynerd
0
170
Securing Microservice Architectures
ladynerd
2
370
Better Connected
ladynerd
0
84
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.8k
Blindsided by security
ladynerd
0
150
Practical tools for privacy audit
ladynerd
0
230
For the greater good? Open sourcing weaponisable code
ladynerd
1
350
Other Decks in Technology
See All in Technology
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
4
4.1k
LLM/Agent評価:トップ営業の発言を「正解」にする 〜暗黙的正解による評価を営業資産に変える〜
takkuhiro
1
210
AIと共生する開発者プラットフォーム:バクラクのモノレポ×マイクロサービス基盤
sakajunquality
2
3.4k
あなたの『Site』はどこですか? — xREという考え方
miyamu
0
1.2k
AI時代の開発生産性は、個人技からチーム設計へ
moongift
PRO
2
210
「早く出す」より「事業に効く」 ── 顧客の業務サイクルから逆算するAI時代の二重ループ開発と「変化の設計者」 / devsumi2026
rakus_dev
1
230
SREとQA 二人三脚で進めるSLO運用/sre-qa-slo
sugitak
0
480
シンガポールで登壇してきます
yama3133
0
120
Road to SRE NEXTの今までとこれから
hiroyaonoe
0
310
SRE依存からの脱却 運用を開 発チームへ移す、 フルサイ クル開 発体制の実践
joooee0000
0
2.7k
生成AIの活用/high_school2026
okana2ki
0
130
地域 SRE コミュニティ最前線 / SRE NEXT 2026 Discussion Night Track C
muziyoshiz
0
210
Featured
See All Featured
The Invisible Side of Design
smashingmag
301
52k
Become a Pro
speakerdeck
PRO
31
6k
My Coaching Mixtape
mlcsv
0
170
How to Talk to Developers About Accessibility
jct
2
340
Discover your Explorer Soul
emna__ayadi
2
1.2k
Unsuck your backbone
ammeep
672
58k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2.1k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
390
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
750
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
310
WENDY [Excerpt]
tessaabrams
11
38k
Raft: Consensus for Rubyists
vanstee
141
7.6k
Transcript
Continuous Security Laura Bell SafeStack
Con$nuous Security Laura Bell F O U N D
E R & L E A D C O N S U LTA N T S A F E S TAC K @ l a d y _ n e rd l a u r a @ s a fe s t a c k . i o
once upon a $me*… * Some'me in the last week
for some of you
and the whole world went to hell
common misconcep$ons
it’s not my job (that’s why we have a
security team)
it’s impossible so why try
we’ve always done this… nobody’s hacked us yet
we’re too li@le to fail (at security)
agility increases risk
what is con$nuous security?
design code stuff idea test deploy
design code stuff idea test deploy
Ini'al Risk Assessment Design Review Code and Implementa'on Review Penetra'on Tes'ng
None
con$nuous
principles of con$nuous security
automated autonomous integrated repeatable scalable
automated “the best technical people I know work really
hard to make themselves redundant”
Deployment Provisioning Tes$ng Sta$c analysis Vulnerability mgmt
autonomous “no boMlenecks, breakdowns or ripples”
None
Skills Authority Accountability every team
integrated “bite-‐sized security that works with every step of
your lifecycle”
None
Woven in to keep you going Respected enough to stop
you
repeatable “security fails when it’s a special event”
Every story Every sprint Every developer Every $me
Standard Security Stories h@p:/ /www.safecode.org
scalable “more than just a single team experiment”
Business as usual Managed Measured Controlled Universal Special Proof of
concept Blue sky Experiment Innova$on
Case Study
Fast growing 110 developers Compliance environment New
code Legacy code Mul$ple languages
Requirements Standard Security Stories Architecture Inclusion Reusable
requirements
Code review IDE based free tools Peer Review Security guild
Tes$ng Automated ZAP tes$ng Selenium Standard security tests
Deployment Vulnerability checks Infrastructure as code On demand deployments
Collabora$on Security guild Chat ops Hack events
Good stuff speed of change skill level increase increased
awareness priority of legacy use of security resource
Lessons learned security guilds tool cost tool quality approaches training
at scale
achieving con$nuous security
choose tools wisely integra$ons with workflows, API, speed
easy to digest resources keep your examples, templates and
reusable stuff as close to your developers as possible
educate everyone skills are the number one bo@leneck
give testers some love test environments, clean test data
and tools
no special treatment legacy code needs security too
dev == test == prod remove the differences to
remove deployment complexity
Ques$ons? Laura Bell F O U N D E R
& L E A D C O N S U LTA N T S A F E S TAC K @ l a d y _ n e rd l a u r a @ s a fe s t a c k . i o
@lady_nerd Laura Bell SafeStack Thanks for listening…