Upcoming events (5)
TALK ABSTRACT:

Organizations are rapidly moving towards microservice style architectures for their applications. Managing comprehensive security for continuous delivery of such applications across organizations continues to remain a serious bottleneck in the DevOps movement. Implementing effective security practices within delivery pipelines can be challenging. The talk shall begin with a view of Continuous Application Security, through Application Security Automation with SAST, DAST & SCA and shall focus on real-world tools and techniques to automate application security tooling in CI/CD pipelines.

Traditionally teams have used CI services like Jenkins to continuously deliver applications. But there are issues with running CI services like Jenkins on VPCs mainly due to the Maintenance Overhead and it not being well suited for Container-Native workloads & Cloud-Native Deployments. This talk aims to showcase innovative approaches to running DevSecOps pipelines with Cloud and Container Native approaches by leveraging services like AWS Fargate, Lambda and Step Functions for Security Orchestration and Security Workflows. The idea behind this approach is to leverage ephemeral compute technologies to run CI services as opposed to persistent services, thereby reducing the overhead and leveraging State Machines to run more complex security workflows, especially in Microservice workloads.

SPEAKER BIO:

Nithin Jois, Solutions Engineer - we45

Nithin has helped build ‘Orchestron’ - A leading Application Vulnerability Correlation and Orchestration Framework. He is experienced in Orchestrating containerized deployments securely to Production. Nithin and his team have extensively used Docker APIs as a cornerstone to most of we45 developed security platforms and he has also helped clients of we45 deploy their Applications securely.

Nithin is a passionate Open Source enthusiast and is the co-lead-developer of ThreatPlaybook - An Open Source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single Fabric. He has also written multiple libraries that complement ThreatPlaybook. Nithin is an automation junkie who has built Scalable Scanner Integrations that leverage containers to the hilt and is passionate about Security, Containers and Serverless technology. He speaks at meetup groups, webinars and training sessions. He participates in multiple CTF events and has worked on creating Intentionally Vulnerable Applications for CTF competitions and Secure Code Training. Nithin was a trainer and speaker at events like AppSecDC-2019, AppSecUS-2018, SHACK-2019, AppSecCali-2019, DefCon-2019, BlackHat USA 2019, AppSecCali-2020 and many more. In his spare time, he loves reading about personal finance, leadership, fitness, cryptocurrency, and other such topics. Nithin is an avid traveler and loves sharing stories over a cup of hot coffee.
TALK ABSTRACT:

DevOps made its debut ten years ago, and there has been confusion over exactly what it is ever since. From a cultural movement, to a set of tools, to job and team descriptions, there have been many conflicting viewpoints. When Site Reliability Engineering emerged as a discipline in 2016, it only added to the confusion among Engineering and Engineering Leadership. Unfortunately confusion still remains, and many wonder how to incorporate these ideas and roles into their organizations. By the end of this session, you will have a firm grasp of what SRE and DevOps are and how they relate to one another. I will describe the advantages and pitfalls of common industry practices, describe tools for sharing information, and discuss balancing innovation with availability. Finally, you will have suggestions and ideas for incorporating SRE into your organization, with the goal of iterating more rapidly and safely.

SPEAKER BIO:

Harold "Waldo" Grunenwald, Technical Evangelist - Datadog

Waldo is a geek, and if you find him odd, there are plenty of things you could blame that on. He's a long-time Sys/Ops Engineer, enjoys leading teams, and is active in the DevOps community. He may or may not be Batman. He is pretty keen on helping orgs stop hurting themselves, insight tooling (trending / monitoring / alerting), and automation in general, and actually enjoys public speaking. He takes joy in helping teams and orgs to stop hurting themselves. In his spare time, he enjoys collecting hobbies that he doesn't have the time to engage in. He hates writing about himself in the third person, and aspires to one day be a better bio writer.