• Why does security matter for DevOps?

    TEKsystems

    Speaker Caroline Wong is the Chief Security Strategist at Cobalt.io. This talk begins by exploring the answer to the question, why does DevOps matter? Business do what they need to do to survive and succeed. If their customers need agility, then they will evolve to accommodate that. Next, key differences between the pre-DevOps world and the post-DevOps world are discussed. Before, it was about on-premise, protecting the perimeter, and enforcing gates in the SDLC. Now, supply chain is king. Applications and APIs matter more and more. And everything is mobile. For agile companies, security is a strategic business driver. It prevents unplanned work and re-work, and security requirements are explicitly specified during the sales process as part of vendor security assessments. Additional drivers also include avoiding bad press and compliance reasons - both of which, if you look under the covers, are ultimately about getting more sales. This presentation analyzes the actual language in Bill Gates' Trustworthy Computing memo to see that in fact even Microsoft's "noble" initiative was "all about the money." That being said, what's a security professional to do? BSIMM has 113 controls, ISO27017 has 121, and CCM has 133. It's enough to make a person's brain explode. This session concludes with expert recommendations on how to think about security for DevOps in a way that aligns The Modern Application Security Framework, take a look at https://resource.cobalt.io/hubfs/The-Modern-AppSec-Framework.pdf Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital. These days she helps connect DevOps companies who want to improve their cybersecurity posture with hackers who can help find their problems before the bad guys do. Caroline received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill in 2011. She graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences. Agenda 6:30 - 7:00pm - Snacks & drinks; networking 7:00 - 8:00pm - Presentation by Caroline Wong