May Meetup - The Ultimate DevSecOps and Well what would you do next...?

First up with have Fraser Scott with Threat Modeling: The Ultimate DevSecOps followed by John Arsmstrong-Prior with An adventure game of mistakes, dilemmas, jeopardy, triumphs and learning opportunities.

Threat Modeling: The Ultimate DevSecOps

Software is eating the world, and hackers are eating the software. Cloud and DevOps are allowing organisations to deploy software with ever increasing velocity and agility, creating bigger and more fluid attack surfaces. But there is hope! Everything-as-code and cloud APIs give better visibility and traceability than ever before, and DevSecOps is becoming increasingly popular with more organisations embedding security automation into their deployment pipelines.

In this talk we will see how to take DevSecOps to the next level using threat modeling. We'll walk through a threat model of a cloud-based service using the OWASP Cloud Security project, looking at it from the perspective of development, operations and security. This talk will show you how threat modeling can dramatically improve the security of your services by identifying and addressing threats, and will give you the basic tools and techniques you need to get started threat modeling your own cloud services.

Fraser is a cloud security engineer and threat modeling evangelist. He comes from a world of DevOps, cloud, automation and security. He hates policies written as Word documents and loves BDD. In his spare time he works on a number of open source projects including the OWASP Cloud Security project, ThreatSpec, and a threat modeling Alexa skill.

Well what would you do next...?

As humans and leaders we all make mistakes - most of them without heavy consequences. Every now an then though we really drop the ball.
We generally survive even these mistakes, but do we take the learning opportunities that come from them?

In this session we'll play an adventure game (like those old-skool books back in the day) - various scenarios (some based on real events) will be played back and the participants will be asked at a crucial juncture "What would YOU do next?", then given 2 or three options to choose from. The path chosen is played out, and we'll look at what the learning opportunities were and whether and how you could take them.

There will be a chance for teams to create their own scenarios and play the game with others in the session - hopefully with a sense of fun!
We'll also look at possible strategies for:

• dealing with high pressure decisions
• doing the right thing
• dealing with the consequences of mistakes
• gleaning the positive learning opportunities when mistakes are made

John is an agile software engineering manager from Derbyshire - now in the world of native mobile apps, but previously .Net, Web, C#, Javascript etc. Working for Capital One in Nottingham with a talented team of agile developers, coaches and testers. I've been using lean/agile methodologies and practices for over 10 years and never cease to be excited by all the new things to learn in this area.

Free pizza and a beer or two will also be available.

N.B. Our lovely hosts at the Capital One Software Studio will pre-arrange access/passes for everyone coming, so be sure to RSVP!

For security reasons, we must have your full name so that you can gain access to the room. You will need some form of ID and your name will be matched to the list. Please update your profile with your full name if you are attending this event. About the Software Studio...

Our Software Studio is the beating digital heart of Capital One. It’s here we create the accessible, user-friendly products and services that make life easier and better for our customers. We’re a customer-focused business, so we’re always thinking about new ways to enhance their experience. Which is where this new facility comes into its own.

For info on parking etc, take a look here (https://www.meetup.com/Mobile-Notts/pages/Capital_One_-_Where_it_is)