DeveloperWeek Global: Cloud 2020

Cloud Security

Wednesday, September 30, 2020

OPEN TALK: A Live Simulation of Advanced Cloud Misconfiguration Attacks
Josh Stella
Fugue, Founder and CTO

Cloud misconfiguration is now the leading cause of cloud-based data breaches, typically due to a lack of secure cloud architecture practices. Because cloud infrastructure is 100% software, cloud security is a software engineering problem, not a traditional security analysis problem. In order to prevent data breaches in the cloud, we must address it with secure software architecture right from the start.

In this talk, Josh Stella will run a live simulation of advanced cloud misconfiguration exploits to show a number of ways common cloud architectural anti-patterns create opportunities for hackers to gain entry to cloud environments, move laterally using tools like IAM services, and ultimately discover and breach data. Many of the misconfigurations exploited won’t be flagged by compliance scans and often aren’t considered risky by security teams.

At each step, Josh will share alternative approaches to architecting cloud infrastructure services to ensure our applications run efficiently while denying bad actors the tools and means to exploit them. Attendees will leave with actionable insights to evaluate their own cloud environment for misconfiguration vulnerabilities, how to address them, and how to bake secure cloud architecture approaches into software development.

PRO SESSION: Kubernetes Security
Garland Kan
ManagedKube, CEO and co-founder

Demystifying Kubernetes Security - Our journey from a legacy platform to Kubernetes

Through our consulting engagements over the last couple of years, we have found that talking about security is very vague. People have different ideas of what they want to talk about, and the terminologies from ops to security ops are a little different also. We wanted to make this conversation concrete and have created diagrams we use to talk about migrating and securing down Kubernetes from the legacy world to Kubernetes, based upon this work we are doing: https://github.com/ManagedKube/kubernetes-ops/tree/kube-security-diagrams/docs/kubernetes-security

We will talk through these diagrams and explain in a concrete way what security looked like before, how it maps to this new Kubernetes world, and what new security measures should be taken.

PRO SESSION: Why Developers Struggle With AppSec
Scott Gerlach
StackHawk, Chief Security Officer

We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone - putting the culture, processes, and tooling into place to make this happen is tough. Join StackHawk CSO Scott Gerlach as he shares his triumphs and failures while building DevSecOps practices and tools at companies such as GoDaddy, SendGrid, and Twilio. Dig into specific reasons why developers struggle with AppSec and what you can do to make it better.