Security Architecture in DEVOPS
Title:
Security Architect: slayer of dragons, defender of the realms and protector of cybersecurity automation
Synopsis:
The talk will take the audience on a journey from the origins of security architecture, through the challenge of cloud security, to the role of an architect in the DevSecOps world.
It explains the difference between traditional command-and-control governance and an approach that avoids starving automation and innovation under traditional security governance.
We will explore:
Security gates and why they do not always work in DevOps
Automation how-tos:
How to deploy cybersecurity at scale
Why it is important to know how to deal with people
Automation in the pipeline is king
If time allows, the talk will explore some additional lessons learned.
Rough length: compressed version 30 min, normally 50 min, or workshop format.
Audience Take Away:
How to build a cybersecurity programme with architecture at its heart
How to do traditional security governance
How to mix governance with agile development and DevSecOps
How to extract patterns from existing designs
The value of design-principle patterns and why they are key to going fast
How and when to use tools (SAST/DAST) and when to engineer
26. Cyber Security Awards 2020
Cloud Security Influencer of the Year
Submission: 10 May 2020 (TBD)
Ceremony: 4 July 2020
#CYSECAWARDS20 https://cybersecurityawards.com/
https://cloudsecurityalliance.org.uk
Submit: info@cybersecurityawards.com
Info:
The whole concept relies on a license to operate: if you promote good code, you are good to go.
How to verify:
Thresholds for the reduction of vulnerabilities (dashboards)
Thresholds for build vs fix
Scanner output in Jira
Teams triage and remediate locally within the pod
If something can't be updated/remediated, then a risk assessment follows (not covered here)
The application/product owner (empowered by pods and security champions) decides how many vulnerabilities to fix in every sprint.
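One way to automate the verification above in the pipeline, as an added example that is not from the talk: a gate that reads the pod's Jira export, applies the vulnerability-reduction and build-vs-fix thresholds, and refuses the license to operate while any scanner finding is untriaged (the issue keys, field names and threshold values are assumptions).

```python
# Added example (not from the talk): a license-to-operate gate for one pod. Assumes
# scanner findings and delivery stories are exported from Jira as the dicts below;
# the sample issues and the thresholds are constructed placeholders.
# Constructed export for sprint 2. 'vuln' = scanner finding, 'story' = feature work.
ISSUES = [
    {"key": "POD-1", "type": "vuln", "status": "fixed", "triaged": True, "sprint": 2},
    {"key": "POD-2", "type": "vuln", "status": "fixed", "triaged": True, "sprint": 2},
    {"key": "POD-3", "type": "vuln", "status": "open", "triaged": True, "sprint": 2},
    {"key": "POD-4", "type": "vuln", "status": "open", "triaged": True, "sprint": 2},
    {"key": "POD-5", "type": "vuln", "status": "risk-accepted", "triaged": True, "sprint": 2},
    {"key": "POD-6", "type": "story", "status": "done", "sprint": 2},
    {"key": "POD-7", "type": "story", "status": "done", "sprint": 2},
    {"key": "POD-8", "type": "story", "status": "done", "sprint": 2},
]
OPEN_AT_SPRINT_START = 6  # open findings carried into sprint 2 (dashboard figure)

def vulns(issues, sprint):
    return [i for i in issues if i["type"] == "vuln" and i["sprint"] == sprint]

def reduction(issues, sprint, open_at_start):
    """Fraction of the starting open backlog closed this sprint (fixed or risk-accepted)."""
    still_open = sum(1 for v in vulns(issues, sprint) if v["status"] == "open")
    return (open_at_start - still_open) / open_at_start if open_at_start else 1.0

def fix_share(issues, sprint):
    """Share of completed sprint work that fixed findings: the build-vs-fix ratio."""
    fixed = sum(1 for v in vulns(issues, sprint) if v["status"] == "fixed")
    built = sum(1 for i in issues if i["type"] == "story"
                and i["sprint"] == sprint and i["status"] == "done")
    return fixed / (fixed + built) if fixed + built else 0.0

def untriaged(issues, sprint):
    """Findings the pod has not triaged yet; any of these blocks the gate outright."""
    return [v["key"] for v in vulns(issues, sprint) if not v["triaged"]]

def license_to_operate(issues, sprint, open_at_start, min_reduction=0.3, min_fix_share=0.2):
    """Gate decision as (granted, reasons). Risk-accepted items count as closed here;
    the risk assessment that produces them is out of scope, as in the notes above."""
    reasons = []
    r = reduction(issues, sprint, open_at_start)
    if r < min_reduction:
        reasons.append(f"open findings reduced by {r:.0%}, threshold {min_reduction:.0%}")
    f = fix_share(issues, sprint)
    if f < min_fix_share:
        reasons.append(f"fix share {f:.0%} below build-vs-fix threshold {min_fix_share:.0%}")
    u = untriaged(issues, sprint)
    if u:
        reasons.append("untriaged scanner findings: " + ", ".join(u))
    return (not reasons, reasons)
```

The product owner's per-sprint decision is what moves the fixed/open counts; the gate only makes the agreed thresholds visible and enforceable in the pipeline.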