Agile + DevOps East 2020 - Security | TechWell

Agile + DevOps Virtual 2020 - Security

Wednesday, November 11

Tom Stiehm
Coveros, Inc.
AW12

DevSecOps for Managers, Executives, and Mere Mortals

Wednesday, November 11, 2020 - 1:15pm to 2:15pm

DevSecOps isn’t meant for just Gods and Unicorns; it is for mere mortals as well. One of the challenges we have in using Application Security practices is where to start, how to get value, i.e., be successful with initial efforts, and how to build on that success. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious. By simply adding steps to your pipeline, you can iteratively add AppSec practices to your process and dramatically increase the security of your software. Join Tom as he lays out...

Wednesday, November 18

DJ Schleen
Rally | United Healthcare
Verica.io
DS1

Blameless Retrospectives in DevSecOps at Global Healthcare Giants

Wednesday, November 18, 2020 - 1:00pm to 1:45pm

Implementing a scalable DevOps program can seem like an impossible task at times. Add security into the mix and the challenge can appear insurmountable. Organizations around the world have come to realize the potential business impacts of adopting DevSecOps and how it can enable engineers to deliver more value to the market faster. While the prospect of transformation seems alluring, a great number of organizations are still unsure of where to start, what’s involved, how much it will cost, and how to achieve success. Discussing our triumphs and tragedies not only brings clarity, but champion...

Judy Johnson
Onyx Point
DS2

The Science of Compliance - Early Code to Secure Your Node

Wednesday, November 18, 2020 - 1:45pm to 2:30pm

We all know that the earlier in the software development process you start testing, the more money and time you save in the long run. This is the case not only with the coding process, but also with securing your systems. In this talk, we’ll talk about the difference between compliance and security, and how adding compliance is a measurable and repeatable way to make code more secure. We will discuss tools and methodologies for integrating compliance and inserting compliance checking at various places in the development process, starting with a compliant infrastructure, and continuing...

Peter Hesse
10pearls
DS3

Usability vs. Security: Having Your Cake and Eating It Too

Wednesday, November 18, 2020 - 2:45pm to 3:30pm

In today’s rapidly changing marketplace, the usability of software is paramount to its adoption and success. However, we also recognize the need for solutions to have resiliency and security. How do you successfully navigate the tradeoffs between usability and security? Simple… you don’t! Instead of choosing one or the other, reject the false tradeoff and instead find ways to embrace both security and usability in your DevSecOps processes. Join Peter Hesse as he discusses strategies for getting security and user experience teams to work closely together, enabling the creation of better...

Mathew Arnow
Tidelift
DS4

A Modern Approach to Managing and Securing Your Open Source Dependencies

Wednesday, November 18, 2020 - 3:30pm to 4:15pm

Ninety-two percent of applications contain open source components. Without careful maintenance, organizations open themselves up to exploits from malicious actors. Known vulnerabilities in an open source library can increase risk of compromise despite a development team’s best efforts and intentions. Relying on scanning tools to point out potential issues is not enough if you don’t also have a strategy in place to ensure those issues can be resolved. In this talk we’ll share a modern approach DevSecOps teams can use to better manage and secure their open source dependencies, ensuring...

Thursday, November 19

Alyssa Miller
Snyk, Ltd.
DS5

So Happy Together: Making the Promise of DevSecOps a Reality

Thursday, November 19, 2020 - 1:00pm to 1:45pm

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application...

Rich Mills
Coveros
DS6

DevSecOps: Essential Pipeline Tooling To Enable Continuous Security

Thursday, November 19, 2020 - 1:45pm to 2:30pm

As we embrace DevOps to optimize our Agility, we need to move away from slow, manually intensive processes into more of a continuous flow of software into production. Whether we are doing true "Continuous Deployment" straight to production or not, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). What we need is the visibility to know that our code is secure enough to pass muster every day. What we need is continuous security.

The DevSecOps movement is...

Chris Romeo
Security Journey
DS7

DevSecOps Culture: Laughing Through the Failures

Thursday, November 19, 2020 - 2:45pm to 3:30pm

Rolling out DevOps + Security has its series of pitfalls. In this talk, we’ll explore real-world challenges, sprinkling in a bit of humor on behalf of the Internet, and work out the solutions to how to avoid these pain points using security culture. Examples include individuals with a non-collaborative mindset (not playing nice), security tools that provide zero value in the pipeline, old school thinking concerning requirements, the inability to perform threat modeling at DevOps speed, and many more. You’ll experience what can go wrong, to expose how to do things right.

DS8

Go Beyond DevSecOps to Continuous Security

Thursday, November 19, 2020 - 3:30pm to 4:15pm

Continuous. If you have been around DevOps for any length of time then you have heard this term. As in Continuous Integration, Continuous Build, Continuous Deployment, Continuous Delivery, Continuous Testing, Continuous Planning among others. Now we are living in a time when personal and data privacy matters more than ever, and so one "Continuous" is rising to the forefront: Continuous Security.

But what really IS Continuous Security? Is it simply a notion of running scans and tests as part of a pipeline and reporting vulnerabilities? We think it is much more than that. For years...