Saturday, November 13, 2021
As public cloud adoption continues to grow across government applications and services, it is now more critical than ever to understand the limits afforded by cloud security controls.
To help us better understand the security and risk implications of new paradigms such as continuous delivery pipelines and infrastructure as code, a blue/red team simulation exercise was undertaken.
As the tech lead of the blue team, I’ll present the context of the exercise and the threat model we developed for it, then discuss what worked and failed in defending the pipeline from a red team in possession of engineers’ credentials.
Download these images to your phone and post using the Instagram app.