Cloud Security

Tuesday, February 8, 2022

- PST
PRO TALK (CloudWorld): DevOps Worked… Why Hasn't Security Kept Up?
Join on Hopin
Joni Klippert
Joni Klippert
StackHawk, Co-Founder & Chief Executive Officer

DevOps has changed the way software is built, delivered, and operated in production. Features are pushed out faster than ever before, applications are more resilient, and improvements in the development pipeline have given engineers the power to own the complete delivery of their application.

Behind the improvements that we have seen from the advent of the DevOps movement are DevOps teams, cultural shifts, and tooling that was built to serve the engineers themselves. While the world has shifted left and a best-in-class standard has been established for software engineering, application security has remained stagnant. 

- PST
PRO TALK (CloudWorld): Kubernetes Security Workshop
Join on Hopin
Avinash Desireddy
Avinash Desireddy
Mirantis, Sr. Solutions Architect

Are you worried about granting too much access to resources on your Kubernetes cluster? With the extensible framework of Kubernetes, there is scarcely a day without a new tool popping up. In order to ensure the tools, users, and applications have appropriate security policies, a streamlined onboarding process is required.

The onboarding process not only streamlines how securely we can grant access but also enables self-service capabilities improving the user experience.

In this workshop, audiences will get a good understanding of common pitfalls and how to avoid them by leveraging the Role-Based architecture approach, pod security policies, admission controllers, policy enforcement through OPA, etc.

Wednesday, February 9, 2022

- PST
PRO TALK: How DevSecOps Can Efficiently Drive Compliance
Join on Hopin
Justin Beals
Justin Beals
Strike Graph, CEO and Cofounder

During this session, we will guide the audience on the important role that DevSecOps has to effectively and efficiently drive and support cybersecurity compliance for enterprises. Specifically, we will explain how achieving a cybersecurity audit can help businesses focus their efforts on driving revenue and sales. We’re experts on the topic -- our team at Strike Graph takes customers from zero to 100 by helping their teams (like DevSecOps) to manage and automate important audits effectively and efficiently.

We will share tips and insights to help you maximize efficiency for compliance, such as:

What is DevSecOps really?
Why is security operations a revenue issue?
What is the lifecycle and distribution of security activities?
How to scope and operationalize security from a technology executive perspective.
What are security controls and how do I avoid “Security Theater”?
How to automate procedures and drive DevSecOps towards effective security.
How to take credit for your security practices that drive towards valuable certifications.
How to manage your auditor as opposed to being managed by your auditor.

- PST
PRO TALK (CloudWorld): Zero Trust DevSecOps — A New Path For Application Security
Join on Hopin
Anant Misra
Anant Misra
ArmorCode, Co-founder & CTO

Coined in 1994, “Zero-trust” has only recently come into focus as a powerful tool to combat the recent explosion of cybersecurity attacks. In short, the concept advocates a default posture to deny access under the assumption that nothing in the IT infrastructure can be fully secured. But how does Zero Trust relate to DevSecOps and how can developers work within a Zero Trust framework while still maintaining agility and flexibility? In this session, Anant Misra will guide developers through best practices for upholding Zero Trust principles throughout the application development lifecycle.

Attendees will learn:

1. What Zero Trust DevSecOps means, why it is important, and how it can be used to proactively combat cyberattacks
2. How to set up Zero Trust DevSecOps in their organization
3. How to create a holistic Zero Trust DevSecOps strategy that doesn’t slow down development or release timelines