Tuesday, February 8, 2022
DevOps has changed the way software is built, delivered, and operated in production. Features are pushed out faster than ever before, applications are more resilient, and improvements in the development pipeline have given engineers the power to own the complete delivery of their application.
Behind the improvements that we have seen from the advent of the DevOps movement are DevOps teams, cultural shifts, and tooling that was built to serve the engineers themselves. While the world has shifted left and a best-in-class standard has been established for software engineering, application security has remained stagnant.
Are you worried about granting too much access to resources on your Kubernetes cluster? With the extensible framework of Kubernetes, there is scarcely a day without a new tool popping up. In order to ensure the tools, users, and applications have appropriate security policies, a streamlined onboarding process is required.
The onboarding process not only streamlines how securely we can grant access but also enables self-service capabilities improving the user experience.
In this workshop, audiences will get a good understanding of common pitfalls and how to avoid them by leveraging the Role-Based architecture approach, pod security policies, admission controllers, policy enforcement through OPA, etc.
Wednesday, February 9, 2022
As of 2017, 90 percent of public clouds workloads ran on Linux. Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today’s most cutting-edge cloud-based applications and technology run on Linux, making it a critical area of modern technology to secure.
According to a recent Linux Threat Report, most threats arise from systems running end-of-life versions of Linux distributions. This includes 44 percent from CentOS versions 7.4 to 7.9. In addition, 200 different vulnerabilities were targeted in Linux environments in just six months. This means attacks on Linux are likely taking advantage of outdated software with un-patched vulnerabilities.
This session will reveal steps you can take to ensure the security across workloads and cloud presence powered by Linux and how to effectively respond to the possible threats.
Join Aaron as he walks through the data, speaks to the threat, and highlights the top three mitigation strategies for all enterprises.
Attendees will learn:
• How to utilize free Linux native tools including Iptables, seecomp, PaX, etc., for configuration assessment, vulnerability patching and activity monitoring.
• Simple steps you can take to secure containers effectively.
• Best practices in Appsec, including testing, scanning and Open Source (SCA).
During this session, we will guide the audience on the important role that DevSecOps has to effectively and efficiently drive and support cybersecurity compliance for enterprises. Specifically, we will explain how achieving a cybersecurity audit can help businesses focus their efforts on driving revenue and sales. We’re experts on the topic -- our team at Strike Graph takes customers from zero to 100 by helping their teams (like DevSecOps) to manage and automate important audits effectively and efficiently.
We will share tips and insights to help you maximize efficiency for compliance, such as:
What is DevSecOps really?
Why is security operations a revenue issue?
What is the lifecycle and distribution of security activities?
How to scope and operationalize security from a technology executive perspective.
What are security controls and how do I avoid “Security Theater”?
How to automate procedures and drive DevSecOps towards effective security.
How to take credit for your security practices that drive towards valuable certifications.
How to manage your auditor as opposed to being managed by your auditor.
Coined in 1994, “Zero-trust” has only recently come into focus as a powerful tool to combat the recent explosion of cybersecurity attacks. In short, the concept advocates a default posture to deny access under the assumption that nothing in the IT infrastructure can be fully secured. But how does Zero Trust relate to DevSecOps and how can developers work within a Zero Trust framework while still maintaining agility and flexibility? In this session, Anant Misra will guide developers through best practices for upholding Zero Trust principles throughout the application development lifecycle.
Attendees will learn:
1. What Zero Trust DevSecOps means, why it is important, and how it can be used to proactively combat cyberattacks
2. How to set up Zero Trust DevSecOps in their organization
3. How to create a holistic Zero Trust DevSecOps strategy that doesn’t slow down development or release timelines
The Shift Left paradigm is broken. If companies start moving their controls to the left, they miss out on their actual security posture in production. If they deploy tools in the CI/CD in addition to the tools running in production, it creates complexity and inefficiency as they get different results from different tools and struggle with duplicate exception flows and lack of visibility across. A new approach is required!
In this talk, Ami will review Log4shell and other recent real world incidents, analyze where legacy approaches fail and present a new paradigm to cloud security: “look to the right and shift to the left.” Companies deploy a single policy across the stack, with central visibility across the process, creating a new and efficient way for security teams to work with dev teams.