Speaker

Mark Peters

Mark Peters

Director, Engineering Ops, BrainGu

San Antonio, Texas, United States

Actions

Dr. Mark Peters works for BrainGu as Director, Engineering Ops, managing Day 2 success. He has worked on 4 different DoD programs transitioning to DevOps. During his previous US Air Force career, he integrated intelligence processes with operational delivery. A cybersecurity expert, he holds multiple industry certifications including a CISSP. As a PhD, IT, and a Strategic Security Doctor specializing in economic espionage, he authored, "Cashing in on Cyberpower" analyzing a decade of cyber-attacks. In his spare time, he reads, thinks, writes, and then speaks. A DevOps Institute ambassador and USA chapter chair, he enjoys working with individuals on their unique DevSecOps implementations. A full-up DevOps junkie, he remains passionate about incorporating new technology into DevOps across multiple industries.

Area of Expertise

  • Government, Social Sector & Education
  • Information & Communications Technology

Topics

  • Cybersecurity
  • DevOps
  • DevSecOps
  • DevOps Transformation
  • DevOpsCulture
  • Security & Compliance
  • Information Security
  • Information Technology
  • information architecture
  • Information Protection
  • Cloud & DevOps
  • Cloud App Security
  • Cloud-Native

Hits and Misses in DoD DevOps

Over the past 3 years, I've worked at several different government organizations all trying to implement DevOps, and DevSecOps to varying levels. I've learned a lot about this unique environment in terms of security integration, project management vs Agile, and new ways to say its DevOps without committing to cultural change. This changes apply not just to the DoD but many large organizations who are also seeking DevOps benefits. Attendees will learn some of the common pitfalls, and ways to get ahead.

Continuous ATO: Myth or Reality

Continuous ATO is another overloaded term that folks really don't fully understand. From cyber requirements to automations to process repeatability, CATO can be achieved if organizations understand what's involved.

Thinking through Security Value

Today's organizations spend significant resources to shift security left. However, fewer organizations think about how security affects value. Integrating security processes across your value stream requires more than just a binary check. This talk demonstrates the values produced by security, suggests ways to measure those values, and includes some initial ways to enhance your overall security

Measuring the Whole Hole

Automating security compliance too often focuses on patches and vulnerabilities. Highly regulated industries like NIST, HIPAA and PCI-DSS demand more than just static, dynamic and runtime tools. Regulations demand knowing your users, measuring training and managing disaster recovery but automation lags here. This talk discusses integrating requirements and automating non-vulnerability standards. Using unified mark-up language integrates requirements and common tools can link users, integrate contingency plans, and expedite compliance to increase value.

Integrating Security

When working with DevSecOps, the biggest challenge may be how to integrate security into Dev and Ops functions. Traditional teams understand development and operations but bringing the department of "No" in compliance security for highly-regulated industries can be more difficult. This session discusses some experience about building the basic discussions into your teams when integrating security practices. Starts with explaining the cyber threat landscape faced by today's businesses and then expands to suggest ways to better integrate your security team while facing modern challenges. Uses current examples of transformation from both sides to emphasize understanding. Offers a clear framework to guide the discussion between dev, sec, and ops teams to build common ground and deliver value to the customer.

All About Ops - Balancing DevSecOps Workflows

Modern technology and profitability rely primarily on Ops so despite advocating DevSecOps practices, all sensible individuals realize successful businesses are all about Ops. Understanding how to balance Dev, Sec, and Ops for your organization should matter to all professionals and this article emphasizes balance from ops. Development (Dev) creates competitiveness but without ops nothing reaches customer. Security (Sec) manages compliance but without ops and dev, no products exist to become secure or compliant. DevSecOps creates a complex ecosphere where interactions rotate around dependency. Ops generates monthly cash flow and customer interactions; how can it not be central to an organization? Achieving balance is difficult. Successful DevSecOps does not create equality between tasks rather offers systemic understanding of flow, the first Way. Organizations concentrating only on Ops are likely failing to achieve DevSecOps success.

Agile Compliance and Risk Ops

Many organizations attempt adopting DevOps and Agile practices only to crash against a compliance wall such as RMF, PCI-DSS, or even GDPR. Those who offer Agile management frequently want to sell you a brand. Even Gene Kim’s “The Unicorn Project”, shows a security officer experiencing a complete breakdown before becoming a DevOps enthusiast. It’s not that hard. After being a Product Owner on an Agile team, I transferred to a security lead, operating the Risk Management Frameworks with an org newly committed to Agile. My team worked through a mindset change without the breakdown, incorporating small compliance goals, integrating with developers, shifting security left, and building cooperative risk ownership. This session shares my experiences incorporating an Agile workplace with U.S. Governments compliance in the hope of helping others.

Advancing DevOps Metrics

Every company wants to accelerate, deliver more, faster, and increase customer value and return profit to stakeholders. Every DevOps business understands core metrics but advancing values requires resolving known unknowns behind the initial numbers. Accomplishing initial metrics leads to some understanding but allows deriving additional details. Subsequent metrics should be small, focused on acceleration and provide clarity to feedback. Provided examples demonstrate how time to change, deployment frequency, restoration time, and change failure rates can be deconstructed to provide advanced solutions. Software tools exist to easily manage telemetry everywhere and increase overall value through advanced metrics.
Key Takeaway: Understanding why metrics matter and how they apply to your company

DevSecOps Days UK 2020 Sessionize Event

December 2020

2020 All Day DevOps Sessionize Event

November 2020

SKILup Day - DevSecOps - All About Ops

Virtual Event for the DevOps Institute. Presented talk on All About Ops - Balancing your Workflow Practice. Steered individuals to how integrating various tools across teams increased balance and helps deliver success

October 2020

DevOpsDays Austin 2020 Sessionize Event

May 2020 Austin, Texas, United States

DevSecOps Days - Austin

DevSecOps in DoD Cyber Systems | Mark Peters

December 2019 Austin, Texas, United States

Mark Peters

Director, Engineering Ops, BrainGu

San Antonio, Texas, United States

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top