Details

Agenda
1800 - Doors Open served with Pizza and Drinks
1830 - First Talk
1900 - Comfort Break
1915 - Second Talk
1945 - Networking + Demolish the remainder of the food
2100 - Finish

"Secret Management Journey - Here Be Dragons" By Marcus Maxwell
Secret Management Journey - In the beginning there was a file and it contained all the passwords in plain text, but then someone stole all the passwords, so we don't do that anymore. In this talk I will explore how secret management has evolved over the years, what the common path to maturity is, what good looks like and why "Just use HashiCorp Vault" is a good heuristic. Explore with me the perils of storing secrets in Jenkins, how ansible-vault leads to disasters and where CyberArk Conjur sits in all of this.

"Vulnerability management in DevSecOps: Easy Concept But Harder To Execute" By Vladimir Jirasek
Vulnerability Risk Management is certainly one of the most critical security processes in any company. Attacks on applications and systems can be divided into two categories: exploiting one or more vulnerabilities, or exploiting a human - typically by social engineering. Most sophisticated attacks use a combination of the above. To defend against the former, organisations have developed processes to detect, analyse and remediate vulnerabilities. The key question any organisation should be asking when planning DevSecOps, in the scope of vulnerability management, is whether any of their existing processes need to change and how much. The talk will explain a built about best practice process in a traditional organisation and then dissect individual areas in the view of DevSecOps. Prepare to challenge and be challenged discussing this boring yet critical subject.