Speaking at DevOps World | Jenkins World Nice, France October 24th 2018

To make oneself aware of what you are getting into, you are asked to read the terms, conditions, restrictions, etc etc of any document, email so you don't miss the fine print. I was caught in one such email where I missed reading the fine print. Lucky me, I didn't get into trouble for not reading the fine print, but hit a jack pot. Yes, super excited now that I will be speaking at the DevOps World | Jenkins World in Nice, France. When I saw the email asking if anyone was willing to speak about DevSecOps at Jenkins World, I obviously thought it was the one being hosted in San Francisco which I was attending and happily said YES. My colleagues on IM started asking me "Hey Meera, you are going to Nice?" I was like what Nice, and realized I hadn't read the fine print and had volunteered to speak at a place where many would love to go. If you know me, you know I don't like to travel. But, hey I should be excited right? I am going to Nice, France. Long story short, the topic I am speaking is "Application Security Testing Made Easy with Jenkins Shared Libraries" October 24th 2018. If you are coming to France, join me. hashtag#devops hashtag#cybersecurity hashtag#jenkins hashtag#securitytestingmadeeasy

Consider cross-trained mentors

I am glad Carla picked my Mentoring quote for this article. I myself have seen the benefits of being a mentee and a Mentor. 

https://enterprisersproject.com/article/2018/7/7-ways-foster-culture-learning-it

My articles on Synopsys Blog

Sharing a common link which has all the articles I have written for Synopsys on CI/CD, DevSecOps and a few other topics I deeply care about.

https://www.synopsys.com/blogs/software-security/author/msubbarao/

Common security challenges in CI/CD workflows

What are the common security challenges in CI/CD workflows? I wrote a blog to answers these questions here: https://lnkd.in/dmPjZwx … Subscribe to our blog to stay up-to-date with all things #CICD.

Research-backed perspectives on the state of DevSecOps.

My article live today on SC Magazine UK edition. Take a look at your leisure - Research-backed perspectives on the state of DevSecOps.

And the link: https://www.scmagazineuk.com/research-backed-perspectives-on-the-state-of-devsecops/article/767217/

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Time and again, clients have asked me how to integrate SAST tools into their DevSecOps pipeline.  They ask key questions like these: How do I manage false positives? How do I triage the results? What happens to new issues identified? My scan takes 4–5 hours to complete. How can I use this tool in my DevSecOps pipeline? What do you mean by “baseline scan”? Having a decade long experience in deploying Application Security tools helped me to document answers to several of my clients questions. If these are the questions you are asking, and you’re concerned about integrating a SAST tool into your DevSecOps pipeline, read on.

Here is the link of the article on my company's blog.

https://www.synopsys.com/blogs/software-security/integrate-sast-into-devsecops-in-5-simple-steps/

Speaking at DevOpsDaysRox, Denver

Attending @DevOpsDaysRox? Come listen to my presentation "Know Your Enemy, And Yourself: Demystifying Threat Modeling.

http://okt.to/ZDQ2dC 

USA Today Article - Harnessing the Power of Women in Technology

USA Today recently featured three Synopsys engineers, who reflect on their experiences as women in tech and offer advice on carving out success in a male-dominated field. I am honored and humbled to be one of them. Link here: https://lnkd.in/ddaqkBr

#ContinuousSecurity

Has continuous security arrived with the rise of rapid development? @TechBeaconCom talks to @synopsys' @MeeraRRao(that's me) about the increased number of orgs using developers to do #SwSec testing. Read more: http://okt.to/vzpPs6 #Cybersecurity #AppSec

#MentorHer

Here is my story in support of the #MentorHer movement illustrating how two of my Mentors Girish and Kabir encouraged me to dream big and empowered me to achieve my goals. Have a read! #MentorHer 

https://www.synopsys.com/blogs/software-security/mentorher/

Women In DevOps: Meera Subbarao

Women in DevOps, DevOps Queen, Leader in DevOps - lots of new titles. Was a very long tough journey to get here, but well worth it. Hope I can inspire many more women and men alike. Take a look at the interview cloudbees did. #hardworkspays And love the line I said " I hope I have helped break the glass ceiling for women in DevOps."

And here is the link for the article itself: Women in DevOps: Meera Subbarao

Press Commentary to SC Magazine UK

I gave a press commentary earlier this week on web application security, and how the landscape has changed. Davey Winder has used some of my comments in his piece, which went live this morning. The article is called "
OWASP vulnerability chart suggests web app devs are not smelling the security coffee" 

The article link is attached below:

https://www.scmagazineuk.com/owasp-vulnerability-chart-suggests-web-app-devs-are-not-smelling-the-security-coffee/article/709470/

Building application security in from start to finish - SD Times Article

I was interviewed by SD times website. Attached is the link for the interview posted on October 1st 2017.

http://sdtimes.com/building-application-security-start-finish/

Search Files and Copy to a Folder

It has been a herculean task creating, updating Visio since I got a Windows Virtual Machine from my company for my Mac. Sharing folders, the virtual machine crashing, copying back and forth, and the numerous folders I had were making things even worse.

So, I decided to keep all windows specific files in one single folder so it would be easy to share those specific folders and manage them. When I did a quick search for Visio files, found out over the years I had created literally 100's of them. You can imagine copying them one by one based on if I even need them or not.

Being a automation queen, I decided to use the same. A simple command run once, search all files and copy them. Hurray. Below is the command if you are looking for something similar.


msubbarao$ find . -name "*.vsd" -type f -exec cp {} /Users/msubbarao/Documents/development/visio-diagrams \;

Once this worked, I used the same for all my powerpoint and went a step ahead. 

Meera:~ msubbarao$ find . -name "*.ppt*" -type f -exec cp {} /Users/msubbarao/Documents/development/presentations \;

Now that I have this in my blog, I can revisit this commands and get anything copied in one simple command. Yay to technology!

Building your DevSecOps pipeline: 5 Essential Activities

Published an article on building your #DevSecOps pipeline: 5 essential activities http://bit.ly/2tWJU1G on my company's blog. Read at your leisure, share your thoughts.

Software Test Professionals Fall Conference 2017, September 26 – 29

I will be speaking in the Software Test Professionals Fall Conference 2017, September 26 – 29, held in the DC Metro Area on Risk Based Security Testing. It is a 60 minute session.

 Below is the link to my speaker page.
 Speaker - Meera

And the link to the conference page:

STP Conference

Building security into the DevOps life cycle

A new eBook I wrote for my company has just been published. Download a copy from the company website.

The primary goal when breaking the build in the CI/CD DevOps life cycle is to treat security issues with the same level of importance as quality and business requirements. If quality or security tests fail, the continuous integration server breaks the build. When the build breaks, the CI/CD pipeline also breaks. Based on the reason for the broken build, appropriate activities such as architecture risk analysis (ARA), threat modeling, or a manual code review are triggered.
This eBook provides actionable insight into:

•  Building security into your DevOps SDLC 
• Understanding the relationship between security and quality in the CI/CD pipeline 
• Coordinating various teams to ensure that the process is well defined, tools are properly configured, and developers are ready to resolve issues when the build breaks

Download the eBook from here:

CI-CD DevOps Lifecycle

New Apache Struts 2 Zero-Day Vulnerability: What You Need to Know

Synopsys just published an article about the critical Struts 2 vulnerability. Read to know how to mitigate the same.

https://blogs.synopsys.com/software-integrity/2017/03/10/apache-struts2-zero-day-vulnerability/