DevSecOps: Automated Security
Wednesday, October 17
 

4:00am EDT

Container Security Monitoring Using Open Source
The world is advancing towards accelerated deployments using DevOps and cloud native technologies. In this talk we will see how to monitor for security events using open source solutions to build an actionable monitoring system for Docker and Kubernetes.

Wednesday October 17, 2018 4:00am - 4:30am EDT
Live, Online

4:30am EDT

The Shift To Rugged DevOps
Putting Developers and IT-Pros in one team does not make it a DevOps team. And even when they work smoothly together there is always Security that needs to be addressed. Build and Release Pipelines take care of building and deploying your application, but are your pipelines secure? And the code that you are deploying? With many releases a day, security officers will not be able to verify each release. Rugged DevOps is all about securing your assets and your pipeline and really embedding Security into your DevOps process. In this talk I will guide you through the concepts of Rugged DevOps, the risks companies are currently facing and talk about some strategies and tools which can help you embed security into your DevOps processes.

Speakers
René van Osnabrugge

DevOps Consultant, Xpirit
René is always looking for improvements on all fronts. By using modern technology, implementing Continuous Delivery, DevOps practices and coaching in the domain of Scrum and Agile, he helps companies improve their software delivery process. René is an active blogger and speaker...


Wednesday October 17, 2018 4:30am - 5:00am EDT
Live, Online

5:00am EDT

Common Vulnerabilities & Exposures (CVE) In Docker Containers
CVEs are the standard source for vulnerability details and descriptions. Security professionals use CVEs to understand vulnerabilities and what can be done to prevent them. Securing application containers requires a security strategy which includes analyzing and auditing Docker images layer by layer.

Speakers
Jose Manuel Ortega Candel

Software Engineer
I am a Software Engineer and security researcher with a focus on new technologies, open source, security and testing. My career target has been to specialize in Python and security testing projects...


Wednesday October 17, 2018 5:00am - 5:30am EDT
Live, Online

5:30am EDT

Blue By Default - Extract The Value From Security Investment
DevSecOps just crept up on you like some sneaky Uber hacker and rooted all your shit! Boom! Now you’re blue by default and trying to catch up! Where do you start and what can you do today?

Speakers
Aubrey Stearn

Head of DevOps, Consultant
I’m Aubrey, if you’re in the DevOps scene in the U.K., you might have seen me about sweating on stage. I love what I do, I love the DevOps movement and more than anything I love my own brand of DevOps which is a complete picture of code to done with dev owning the whole process...


Wednesday October 17, 2018 5:30am - 6:00am EDT
Live, Online

6:00am EDT

Hope Is Not Strategy
To enable the needed pace of development in DevSecOps, all steps along the chain have to be reorganized. People tend to forget that changing paradigms also requires a change of the modus operandi. We settled “best practices” and rely on the principle of hope for the rest. Ostrich mode enabled!

Speakers
Nicolas Byl

Senior IT Consultant, codecentric AG
Nicolas Byl gained his first hands-on experiences at developing distributed systems during his studies in medical informatics. When he’s not building cloud-native infrastructures for application development, he’s teaching codecentric AG customers about kubernetes and the benefits...

Kevin Wennemuth

Senior Consultant/Developer, Codecentric
Kevin Wennemuth Always on the run for disruptive technologies. With about 20 years of experience in information technology, Kevin is an incubator for state-of-the-art IT concepts. Well grounded in the financial and banking sectors, Kevin is a driver on continuous security, compliance...


Wednesday October 17, 2018 6:00am - 6:30am EDT
Live, Online

6:30am EDT

DevSecOps At Scale - How Team Autonomy Helps The Enterprise Stay Secure
The train to true team autonomy has just left. Jump on it to hear the best practices and lessons learned from ABN-AMRO on their journey to create the best performing software as secure as possible. This talk highlights the way forward of this journey and covers the security of the adoption of the latest (Cloud) technologies. Join us to learn more about a lot of exciting topics such as container security, secrets management and lots more.

Speakers
Wiebe de Roos

CI/CD Consultant/Engineer, ABN AMRO
Wiebe de Roos has more than 10 years of experience in various IT-related roles like (Java) developer and ICT consultant. He worked for different companies both in The Netherlands and abroad. Currently he is being hired by ABN-AMRO as a CI/CD Consultant / Engineer with a strong focus...

Dominik de Smit

Software Security Consultant, Araido
Dominik de Smit is a software security consultant focusing on helping organizations secure their software development lifecycle. With a background in software engineering, management and software security he combines best of both worlds. He advised large financial, healthcare and...


Wednesday October 17, 2018 6:30am - 7:00am EDT
Live, Online

7:00am EDT

Progressive Testing To Meet The Performance Imperative
Scalability, reliability, and early defect prevention are the new architectural imperative for engineering teams. Traditional testing practices don't always fit modern delivery paradigms. In this talk, we'll explore how to right-fit performance feedback loops into automated delivery pipelines.

Speakers
Paul Bruce

DevOps Advisor, Growgistics
Paul Bruce is a DevOps advisor, helping to transform enterprise software teams and delivery practices. He currently works as a Founder at Growgistics, with the Neotys team as a Sr. Performance Engineer, and is a working group member of IEEE 2675. His research wheelhouse includes cloud...


Wednesday October 17, 2018 7:00am - 7:30am EDT
Live, Online

9:00am EDT

Continuous Authorization With DevSecOps
You may have a secure application today, but you cannot guarantee that it will still be secure tomorrow. Application security is a living process that must constantly be addressed throughout the application lifecycle. This requires continuous risk and security assessments with DevSecOps.

Speakers
Hasan Yasar

Software Engineering Institute, CMU
Hasan Yasar is the technical manager of the Secure Lifecycle Solutions group in the CERT Division of the Software Engineering Institute, CMU. Hasan leads an engineering group on software development processes and methodologies, specifically on DevOps and development; and cloud technologies...


Wednesday October 17, 2018 9:00am - 9:30am EDT
Live, Online

9:30am EDT

Show Me The Dev$ecOp$: Transitioning From Cost Center To A Revenue Center
Learn how to "crack the code" and quantify the value of your DevSecOps program, as Mark Willis from Aetna Global Security takes you through Aetna's DevSecOps journey, and leaves you with his Magic Formula that you can use after his presentation to determine the value of your own Dev$ecOp$ program!

Speakers
Mark Willis

Director of Aetna’s Global Security Software and Mobile Security Group, Aetna
Mark is the Director of Aetna's Global Security Software and Mobile Security Group, hosts Aetna's internal, worldwide Global Security Radio Show "Cyber Security Today," as well as the NH-ISAC Radio Show and serves as a transformation lead for Aetna's DevSecOps Program, third party...


Wednesday October 17, 2018 9:30am - 10:00am EDT
Live, Online

10:00am EDT

DevSecOps Kata
Mike Rother has been studying Toyota Production Systems (TPS) for almost three decades. In 2009, in his book Toyota Kata, he explained how Toyota was able to achieve dominating success in the market for over 40 years using what he calls "meta-skills". Put simply, he explained how Toyota acted like scientists in every facet of their business. Over the past few years, there have been numerous examples of how the ideas, patterns and practices of Toyota Kata have been successfully used in DevOps modern IT transformations. Leap to 2018, where there are now interesting conversations happening around DevOps and Security. This discussion has been coined as DevSecOps. In this presentation, we are going to tie together the amazing DevOps Kata work with some of the new ideas emerging with the DevSecOps discussions.


Speakers
John Willis

Senior Director, Global Transformation Office, Red Hat
John has over 35 years of experience, focusing on IT infrastructure and operations. He has helped early startups such as Chef, Enstratius (now Dell), and Docker navigate the "DevOps" movement. He is one of the original core organizers of DevOpsDays and has been a prominent keynote...


Wednesday October 17, 2018 10:00am - 10:30am EDT
Live, Online

12:00pm EDT

Don't Fear The Four Horsemen Of DevSecOps
DevOps teams are often cautious when adding security to their automated pipelines because security tools have a bad reputation of being slow and blocking. There are four must-have controls that need to be integrated when moving towards DevSecOps. This talk will dig into these four controls.

Speakers
DJ Schleen

DevSecOps Evangelist and Security Architect, Rally Health
DJ is a DevOps pioneer, and DevSecOps Advocate in the Healthcare industry and provides thought leadership to organizations looking to integrate security into their DevOps practices. He comes from a practitioner background and specializes in architecting DevSecOps pipelines, automating...


Wednesday October 17, 2018 12:00pm - 12:30pm EDT
Live, Online

12:30pm EDT

Mother Nature's Development Lifecycles, OR, Why The T-Rex Didn’t Get Hand Extenders
We broke Mother Nature's SDLC for humans. We have been doing ad-hoc rapid prototyping and flying by the seat of our pants for enough time that we have changed the course of evolution. Unless we slow down a little, do the analysis, design and testing, we are going off the edge of the cliff at full speed.

Speakers
Chris Roberts

Chief of Adversarial Research and Engineering, LARES Consulting
Chris currently works at Lares; prior to that he’s founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence. Since the late 90’s Chris...


Wednesday October 17, 2018 12:30pm - 1:00pm EDT
Live, Online

1:00pm EDT

Docker Image Provenance with Notary - Defending Against Attacks on Docker Images and Registries
Docker Registries represent the source of truth for Docker Images, and a single point of compromise for attackers. This talk will explore work done by the community to mitigate this threat, including The Update Framework specification, Notary open source software, and Docker Content Trust.

Speakers
Adam Lewis

Chief Security Architect, Motorola Solutions
Adam is the Chief Security Architect @ Motorola Solutions, which is currently innovating the future of public safety technology for first responders. He is an advocate of all things open standards and open source and is a passionate supporter of the broader technology community, speaking...


Wednesday October 17, 2018 1:00pm - 1:30pm EDT
Live, Online

1:30pm EDT

Automation Without Exposure: Securing Your DevOps Pipeline
The more dependent we become on automation, and the faster our release cycles become, the harder it is to even think about security, let alone properly implement it. This talk will introduce the tools to secure your pipeline, how to automate them, and what to do with all those new reports.

Speakers
Jeff Hann

Security Engineer, ResMed
I have been involved in the software industry for over a decade now, having spent the majority of time as a web and software developer I have worked additionally in DevOps and now my career has taken me into security, specifically as a security engineer for a medical device manufacturer...


Wednesday October 17, 2018 1:30pm - 2:00pm EDT
Live, Online

3:30pm EDT

Application Security Automatization and Optimization
The Government faces unique challenges in securing its software supply chain. This talk will outline the challenges and explain with a concrete example from a large biomedical research client how they can be addressed with optimized processes and smart use of technologies.

Speakers
Janek Claus

DevOps Capability Lead, General Dynamics Information Technology
Janek Claus is the DevOps Capability Lead for the Strategic Growth Group of General Dynamics Information Technology (GDIT). Domains he has worked in during his 25-year career in various roles along the software value chain include automobile, logistics and retail, telecommunications...

Svetlana Yazhuk

Cloud DevOps Engineer, General Dynamics Information Technology
Svetlana Yazhuk is a DevOps engineer who works for a large federal client in DC area as a member of the engineering team that develops and supports Monarch, a platform for continuous deployment of containerized web applications and sites to the Amazon Elastic Container Service. She...


Wednesday October 17, 2018 3:30pm - 4:00pm EDT
Live, Online

4:00pm EDT

SRE Needs Agile ITSM
SREs execute many processes in their daily work including Incident, Problem, Change and Service Level Management. However, the command and control approach to ITSM doesn't work for SREs. This session speaks to an Agile approach to ITSM that supports SRE with "just enough" process.

Speakers
Jayne Groll

CEO, DevOps Institute
Jayne Groll is co-founder and CEO of the DevOps Institute (DOI). Her IT management career spans over 25 years of senior IT management roles across a wide range of industries. Her expertise spans multiple domains including DevOps, Agile, ITIL and Leadership. Jayne is a recognized...


Wednesday October 17, 2018 4:00pm - 4:30pm EDT
Live, Online

4:30pm EDT

Why Does Security Matter For DevOps?
Security does matter, and figuring out how to go about doing it can result in brain explosion. For example, the BSIMM has a list of 110+ security controls. What are the bare minimum security controls that should be in place for any DevOps organization?

Speakers
Caroline Wong

Vice President, Cobalt.io
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital. These days she helps connect DevOps companies who want to improve their cybersecurity...


Wednesday October 17, 2018 4:30pm - 5:00pm EDT
Live, Online

5:00pm EDT

WAF, ModSecurity & Core Rule Set In The DevOps World
Web Application Firewalls have become a standard part of secure web architecture. Presented by a practitioner for practitioners and the curious, this talk will explore how to use the venerable, open-source OWASP ModSecurity WAF effectively and efficiently in a modern, automated DevOps World.

Speakers
Tin Zaw

Director of Security Solutions, Verizon Digital Services
Tin Zaw resides in sunny southern California, where he seeks a Zen state of mind amid the chaotic mix of technology, society and cyber threats. Wanting to make the world safer online, he gave up his beloved programming job to focus on cyber security. He is a former president of OWASP...


Wednesday October 17, 2018 5:00pm - 5:30pm EDT
Live, Online

5:30pm EDT

HTTP Security Headers - A Technology History Through Scar Tissue
Security headers are a history of digital scar tissue. Each one there because we discovered something terrible on the internet but couldn't shut it off by default. Come get a quick overview of best practice and how LendingClub's DevOps culture enables developers to drive these security choices.

Speakers
Benjamin Hering

Manager, Security Engineering, ASAPP
Benjamin Hering leads Security Engineering at ASAPP. His career focuses on leveraging technology to improve organizations and people in both the for-profit and non-profit spheres; making technology meet people where they are rather than the other way around. He graduated from Grinnell...


Wednesday October 17, 2018 5:30pm - 6:00pm EDT
Live, Online

7:30pm EDT

Fast Lane Delivery - Achieving Zero Touch With the Triangle of Automation
Faster delivery and unprecedented changes have brought a different challenge: maintaining the 'Quality' of systems. The trio of automation - Process, Testing and Infrastructure automation - when combined, creates a powerful ecosystem for driving Quality into the systems.

Speakers
Abhijit Khan

Practice Leader, Performance Testing & Engineering, Cognizant Australia
Abhijit Khan leads the Non Functional Testing and Engineering practice at Cognizant Australia. Abhijit has been in the industry for more than 14 years and has worked previously at Kloud Solution, PricewaterhouseCoopers (PwC) and TCS. He has established the testing practice across many...


Wednesday October 17, 2018 7:30pm - 8:00pm EDT
Live, Online

8:00pm EDT

Smashing Security Bugs Towards A Banking License
It's January 2015. Tyro has given itself a year to become a bank. It's an ambitious plan!
As a card payment processing company, it needs to raise its security posture to deal with the greater level of risk and exposure. This talk focuses on how they did that with managing their security bugs.

Speakers
Edwin Kwan

Application and Software Security Team Lead, Tyro
Edwin is the Application and Software Security Team Lead for Tyro Payments. His approach toward application and software security is to raise security awareness, provide light touch controls to the software development life cycle to increase visibility of security issues and work closely...


Wednesday October 17, 2018 8:00pm - 8:30pm EDT
Live, Online

8:30pm EDT

Being Agile In A Security World
An important trait for a security professional is being "Agile". New technologies have shifted focus from physical, virtual, cloud and containerization. This, when coupled with the Agile way of app development, has made life difficult for security professionals. Can security catch up with this juggernaut?

Speakers
Kumar Mathialagan

Security Consultant
Kumar is an Information Security Professional with more than 14 years of experience in Security Architecture, Engineering, Compliance and Risk in the Financial and Telecommunication domain. Session: Being Agile In A Security World


Wednesday October 17, 2018 8:30pm - 9:00pm EDT
Live, Online

9:00pm EDT

Connected Feedback Loops In Application Security
There has been a movement to make security a more integral part of DevOps rather than being in conflict with it. In this talk, we will focus on vulnerability and threat management tools such as SAST, DAST, SCA, SIEM and RASP and how they integrate to provide value at each stage of a DevOps workflow.

Speakers
Chetan Conikee

CEO, Shift Left
Chetan is a serial entrepreneur with over 20+ years of experience in authoring and architecting and securing mission critical software. His expertise includes building web-scale distributed infrastructure, cyber security, personalization algorithms, complex event processing, fraud...


Wednesday October 17, 2018 9:00pm - 9:30pm EDT
Live, Online

9:30pm EDT

Shift Up - Continuous Security & Feedback Loop In Production
DevOps engineering culture demands deploying code at lightning speeds. Speed equals carelessness. And carelessness may lead to breach.

This talk is an introduction to the shift up paradigm; think of it as shift left on steroids for production. Shift up enables an organization to identify and remediate insecure code running in production, including security gaps within the infrastructural stack. Attack, yes you read it right, attack your own network by generating chaos and even running defensive dynamic security testing. In turn, validate the effectiveness of layered protective measures against application code and monitor transactional flow. By virtue of this talk, I will attempt to answer the age-old question of whether there is a necessity to integrate security tools such as runtime application self-protection (RASP), or whether a WAF is as effective a tool. And last but not least, building capabilities such as identifying external-facing assets in a continuous manner and monitoring them throughout their lifecycle. All these learnings from shift up capabilities in turn provide us with a feedback loop between AST tools (SAST, DAST, IAST, MAST) and layered defenses in production. This learning constantly helps us enhance the protective shield against evolving attacks and ultimately gain IT utopia.

Speakers
Swapnil Deshmukh

Security Evangelist
Swapnil has more than a decade of experience in enterprise cybersecurity, including technical leadership positions in Fortune 500 financial services firms. He is a subject matter expert in the application, cloud and emerging technologies security domains. Swapnil is a co-author of...


Wednesday October 17, 2018 9:30pm - 10:00pm EDT
Live, Online

11:30pm EDT

Did You Just Break My Auth
Authentication has been a major pillar that has determined the security health of the public web. Privacy and security have all evolved to make the web a more secure place and so have the bad guys evolved with better tactics. This talk will cover how bad guys have targeted web authentication.

Speakers
Aditya Balapure

Grubhub
Adi Balapure is an Information Security Team Lead at Grubhub Inc and a builder, breaker and cyber defender at heart. He likes to evangelize Information Security, go after bad guys in video games and security in general, loves speaking at conferences and is an avid fan of pop rock music...


Wednesday October 17, 2018 11:30pm - Thursday October 18, 2018 12:00am EDT
Live, Online
 
Thursday, October 18
 

12:00am EDT

Strengthen & Scale Security Of Your Organization For A Dollar Or Less
Security is tough and is even tougher to do in complex environments with lots of dependencies. Microservices architecture eases the pain a bit but brings its own challenges. This talk will showcase how DevSecOps tools/techniques help in scaling security of your organization.

Speakers
Mohammed Imran

Senior Security Engineer, ZenDesk
Mohammed “secfigo” Imran is a seasoned security professional with 8 years of experience in helping organizations with their Information Security Programs. He has a diverse background in R&D, consulting and product-based industries with a passion to solve complex security programs...


Thursday October 18, 2018 12:00am - 12:30am EDT
Live, Online

12:30am EDT

DevSecOps - Securing A Great Developer Experience
In the software engineering world, change is the only constant. In the last decades, the frequency of that change has exploded. However, Security seems to be at odds with these changes and is trying to stay relevant. Are you a developer that wants to write secure code? Then this talk is for you!

Speakers
Stefan Streichsbier

DevSecOps Pioneer, GuardRails
One of the industry's foremost experts in Application Security, Agile Security, and DevSecOps, Stefan Streichsbier has been enabling secure application delivery for the FSI, Government, Software, Education and Infrastructure sectors in both Europe and Asia, for the past 14 years. Stefan...


Thursday October 18, 2018 12:30am - 1:00am EDT
Live, Online