BSides London 2021 BSides London 2021
Join event to build your agenda.

Securing Cloud Delivery Pipelines - Findings from a blue team/red team security simulation

Track 2

Foo is a Lead technology consultant specialised in Cyber Security. With a background as a full-stack developer, Foo helps organisations to better integrate security into high performing software delivery organisations.

As public cloud adoption continues to grow across government applications and services, it is now more critical than ever to understand the limits afforded by cloud security controls.

To help us better understand the security and risk implications of new paradigms such as continuous delivery pipelines and infrastructure as code, a blue/red team simulation exercise was undertaken.

As the tech lead of the blue team, I’ll present the context of the exercise and the threat model we developed for it, then discuss what worked and failed in defending the pipeline from a red team in possession of engineers’ credentials.