DevSecOps: Key Controls For Modern Security Success (breakout 1)




Modern development teams deliver features at a rapid pace using new technologies such as containers, microservices, and serverless functions. Operations and infrastructure teams support these rapid delivery cycles using Infrastructure as Code, Test Driven Infrastructure (TDI), and cloud automation. However, security teams are using traditional security approaches that don’t keep up with the rate of accelerated change. Security must be reinvented in a DevOps world by taking advantage of the opportunities provided by continuous integration and delivery pipelines.

This talk will introduce attendees to 5 key phases of DevOps: pre-commit, commit, acceptance, production, and operations. In each phase, we identify the key security controls and discuss several open source tools for implementing the controls. Attendees will walk away with a practical and modern approach for building a successful DevSecOps program.

Speaker

eric-johnson

Eric Johnson

 

Eric Johnson is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. Eric’s extensive experience includes

...