Agile + DevOps East 2018 - Security | TechWell


Monday, November 5

MD

Tools for DevSecOps

Monday, November 5, 2018 - 8:30am to 12:00pm

DevOps is about creating alignment across the value stream for an application, service, or product. DevSecOps integrates security into this process, making the entire team responsible for delivering secure code that works and can be deployed and used securely. But how do you actually do that? What tools do you add to your DevOps pipeline to help make your software secure and provide your stakeholders with a high level of confidence that the software meets all security requirements and standards? In this tutorial, Tom Stiehm will explore what security tools you can add to your DevOps...

Wednesday, November 7

Seth Vargo
Google
DW3

Modern Security with Microservices and the Cloud

Wednesday, November 7, 2018 - 11:30am to 12:30pm

It's great that you've moved to microservices, but how are you handling security and distributing secrets? Traditional architectures use perimeter-based security, but you can't exactly wrap the cloud in your own personal firewall. Many organizations are practicing "lift and shift" to leverage the cloud, but then find themselves at the end of failed compliance audits. Seth Vargo will highlight the new security challenges associated with using cloud technologies and microservices, then showcase techniques for solving those challenges. Using HashiCorp Vault, a free and open source secrets...

DW4

DevSecOps - Security at the Speed of DevOps

Wednesday, November 7, 2018 - 1:30pm to 2:30pm

Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. What's needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and advisors and stop thinking of themselves as gatekeepers. Larry guides you through the characteristics of...

Thursday, November 8

Gene Gotimer
Coveros, Inc.
DT7

Experiences Bringing Continuous Delivery to the DoD and DHS

Thursday, November 8, 2018 - 1:30pm to 2:30pm

Not every continuous delivery initiative starts with someone saying, "Drop everything. Let's do DevOps." Sometimes you have to grow your practice incrementally. Sometimes, you don’t set out to grow a practice at all—you are just fixing problems with your process, trying to make things better. Join Gene Gotimer as he walks through two case studies, one from the Department of Defense and one from the Department of Homeland Security, that took different avenues to get to agile and DevOps. Learn about the journey each organization took, the tools used to build quality into the products,...

Curtis Yanko
Sonatype
DT8

DevSecOps in the Age of Containers

Thursday, November 8, 2018 - 1:30pm to 2:30pm

As IT shops look to move their workloads into containers and the cloud, their initial concerns often center around the security implications. Containers do force us to change how we think about securing our application, but they also offer exciting new opportunities. Curtis Yanko will explore the security concerns that come along with containers and take a deep dive into container composability and how modern tooling makes it possible to automate security and compliance concerns across the entire application stack. Curtis will share a project via GitHub that has a reference Jenkins...

Eric Sheridan
WhiteHat Security
DT11

Serverless Security: Overcome Architectural Security Challenges

Thursday, November 8, 2018 - 3:00pm to 4:00pm

Serverless architectures take the idea of microservices to the extreme. To implement secure serverless architectures, you have to understand how to compartmentalize programs at the function level. You also need to factor in security practices: Serverless architectures are susceptible to traditional attacks such as SQL injection and command injection, along with a wide variety of privilege escalation and sensitive data disclosure attacks. Developers must consider what would happen if an attacker attempted to invoke each of their functions directly. What if one of those functions were to...