Agile + DevOps East 2018 - Security | TechWell

Conference archive

Agile + DevOps East 2018 - Security

Customize your Agile + DevOps East 2018 experience with sessions covering security for software developers and testers.

Wednesday, November 7

Seth Vargo
Google
DW3

Modern Security with Microservices and the Cloud

Add to calendar
Wednesday, November 7, 2018 - 11:30am to 12:30pm

It's great that you've moved to microservices, but how are you handling security and distributing secrets? Traditional architectures use perimeter-based security, but you can't exactly wrap the cloud in your own personal firewall. Many organizations are practicing "lift and shift" to leverage the cloud, but then find themselves at the end of failed compliance audits. Seth Vargo will highlight the new security challenges associated with using cloud technologies and microservices, then showcase techniques for solving those challenges. Using HashiCorp Vault, a free and open source secrets...

DW4

DevSecOps - Security at the Speed of DevOps

Add to calendar
Wednesday, November 7, 2018 - 1:30pm to 2:30pm

Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. What's needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and advisors and stop thinking of themselves as gatekeepers. Larry guides you through the characteristics of...

Thursday, November 8

Laura Burke
IHS Markit
AT6

Make Agile Work for Any Team

Add to calendar
Thursday, November 8, 2018 - 11:30am to 12:30pm

Are parts of your organization embracing agile while others become more resistant, disconnected, or frustrated by the idea? Or maybe your team wants to be more agile but it isn’t sure how to get started because it’s not a typical development team. Agile has been moving out of software and being embraced by nondevelopment teams for years, but it’s not always a great experience. How can we make the best parts of agility relevant to any team? This hands-on session will show you how to start teams down the path to “being agile” by taking a teamwork-centered approach. With examples from a...

Suzette Johnson
Northrop Grumman
Robin Yeman
Lockheed Martin
AT12

Commonalities of Agile and DevOps Transformations for Large Organizations

Add to calendar
Thursday, November 8, 2018 - 1:30pm to 2:30pm

As the adoption of agile and DevOps have been steadily growing over the years, many organizations have been taking a proactive approach to prepare for the changes needed for success. This means giving people the skills and resources they need to be successful, working with customers and users for improved collaboration and transparency, and providing teams with the tools and infrastructure to enable continuous flow of value. Are there commonalities across organizations that others can learn from to support their journeys? Join Robin Yeman and Suzette Johnson as they provide an interactive...

Gene Gotimer
Coveros, Inc.
DT7

Experiences Bringing Continuous Delivery to the DoD and DHS

Add to calendar
Thursday, November 8, 2018 - 1:30pm to 2:30pm

Not every continuous delivery initiative starts with someone saying, "Drop everything. Let's do DevOps." Sometimes you have to grow your practice incrementally. Sometimes, you don’t set out to grow a practice at all—you are just fixing problems with your process, trying to make things better. Join Gene Gotimer as he walks through two case studies, one from the Department of Defense and one from the Department of Homeland Security, that took different avenues to get to agile and DevOps. Learn about the journey each organization took, the tools used to build quality into the products,...

Curtis Yanko
Sonatype
DT8

DevSecOps in the Age of Containers

Add to calendar
Thursday, November 8, 2018 - 1:30pm to 2:30pm

As IT shops look to move their workloads into containers and the cloud, their initial concerns often center around the security implications. Containers do force us to change how we think about securing our application, but they also offer exciting new opportunities. Curtis Yanko will explore the security concerns that come along with containers and take a deep dive into container composability and how modern tooling makes it possible to automate security and compliance concerns across the entire application stack. Curtis will share a project via GitHub that has a reference Jenkins...

AT18

Limitless by Choice: Discover Your Team's High-Performing Potential

Add to calendar
Thursday, November 8, 2018 - 3:00pm to 4:00pm

Every one of us has the potential to be limitless in our careers, personal life, and everything in between! Yet most of us—yes, including you—are only achieving a fraction of what you are capable of. We all want more, but we aren’t sure how to go get it. This session will be an interactive and practical guide to breaking through all the things that limit you and will kickstart your journey to a limitless life. Jessica Soroky will introduce activities from the personal development program Limitless by Choice and address the potential all teams have to be high-performing when they start...

Eric Sheridan
WhiteHat Security
DT11

Serverless Security: Overcome Architectural Security Challenges

Add to calendar
Thursday, November 8, 2018 - 3:00pm to 4:00pm

Serverless architectures take the idea of microservices to the extreme. To implement secure serverless architectures, you have to understand how to compartmentalize programs at the function level. You also need to factor in security practices: Serverless architectures are susceptible to traditional attacks such as SQL injection and command injection, along with a wide variety of privilege escalation and sensitive data disclosure attacks. Developers must consider what would happen if an attacker attempted to invoke each of their functions directly. What if one of those functions were to...