ISSA Silicon Valley Chapter – (August 20)

The Silicon Valley chapter of ISSA (Information Security Systems Association), SV-ISSA, welcomes industry experts to meet with and present topical issues to our membership. This set of presentation guidelines will assist us in reviewing your material for approval by the board of the Silicon Valley chapter of ISSA. ZeroNorth CTO John Steven will be presenting:
“Shift RIGHT to Fix Earlier; What Thought-leading SecDevOps Organizations are ACTUALLY Doing”
Vendors and firms do a lot of DevOps ‘in name only’. Those really changing their culture are fundamentally changing their risk management paradigm – from one of proactive governance through security assurance to one of continuous collection of security telemetry and resilient delivery pipelines. What does that mean in practice? This presentation provides a software security framework and conclusions resulting from a survey of twenty luminary organizations practicing what they preach in DevOps culture. It will focus on those security activities and tools DevOps shops _actually_ use and get value from, based on data from the aforementioned survey of twenty luminary organizations. As compared to how traditional shops address vulnerabilities, survey data tends towards real-time telemetry of cloud configuration, container integrity, and user/system behavior. Vulnerabilities themselves tend away from the “OWASP Top 10” and towards account fraud, asset theft and platform abuse. Attendees will walk away with a better understanding of, and ideally different perspective on, security tools and activities available to them.