On November 4th and 5th, 2019, a two-day meeting of the minds will take place among information security experts in Denver, Colorado at the SANS DevOps & Security Summit. Here, leading experts from prominent organizations will delve into current issues around DevOps, cloud services and the security challenges traditional organizations are facing amid evolving velocity and threats.
ZeroNorth’s Chief Technology Officer, John Steven, will explore new thinking on approaches and tools for improving security across applications and infrastructure, including how to achieve meaningful change within a DevOps culture. According to John, taking time to understand this shifting risk management paradigm is “profoundly positive, as it affects the way security is delivered to an organization.” From proactive governance to security assurance to resilient delivery pipelines, businesses today must learn to “practice what they preach” in DevOps.
In addition to current popular tools and processes, Steven will also discuss changes to security staffing and how certain methodologies can align more effectively with development and scalability challenges.
As DevOps grows more agile, and software development becomes less linear, “shifting right” to increase the oversight during deployment, monitoring processes more closely, analyzing log data and testing throughout production has become critical. Using data from a recent BSIMM study with 20 luminary organizations with strong DevOps, John will sketch out a software security framework with the power to revolutionize how traditional shops address and manage vulnerabilities through real-time telemetry of cloud configuration, container integrity and user/system behavior.
Aside from the standard OWASP Top 10 security risks, such as injection, broken authentication and sensitive data exposure, John also will offer up a fresh perspective on different vulnerabilities like account fraud, asset theft and platform abuse. Participants will leave the presentation with a deeper understanding of today’s security tools and how organizations can implement them with greater efficacy and success.
For more information on how to manage vulnerabilities through the software development lifecycle, please watch this webinar.
If you’d like to set up time for a conversation with John at the Summit, please contact us.