Our CTO John Steven will be delivering the keynote at the SANS Cloud & DevOps Security Summit, 11/4 @ 9:15.
Shift RIGHT to Fix Bugs Earlier: Security in a DevOps World
Vendors and firms do a lot of DevOps ‘in name only’ because it gets them in the cool club. Those really changing their culture are fundamentally changing their risk management paradigm – from one of proactive governance through security assurance to one of continuous collection of security telemetry and resilient delivery pipelines. What does that mean in practice? This presentation provides a software security framework and conclusions resulting from a survey of twenty luminary organizations practicing what they preach in DevOps culture. We will explore the tools and activities people have come to rely on, the changes to staffing security and aligning them with development and the remaining challenges that impede scale.
Technically, content will focus on those security activities and tools DevOps shops _actually_ use and get value from, based on data from the aforementioned survey of twenty luminary organizations. As compared to how traditional shops address vulnerabilities, survey data tends towards real-time telemetry of cloud configuration, container integrity, and user/system behavior. Vulnerabilities themselves tend away from the “OWASP Top 10” and towards account fraud, asset theft and platform abuse. The audience will walk away with a better understanding of, and ideally different perspective on, security tools and activities available to them
