OWASP Toronto | Developers like Carrots not sticks


Details
TALK
Devs like Carrots not sticks
Summary:
In this talk, we will delve into several crucial concepts that are pivotal in the realm of modern software development. We'll explore the intricate intersection of language, DevSecOps tools, Git strategies, CI pipelines, and self-governance frameworks, shedding light on how they come together to form a cohesive whole.
We will follow an IAC dev story, but also point out where application code checks are pertinent. Daniel will share lessons learnt while helping clients implement IAC with security scanning and management of security bugs.
By the end of this talk, you will have a better understanding of how to protect your IAC from security failures, how CI/CD pipelines can save the day and how to manage the security bugs.
Presenter:
Daniel Oates-Lee
Director / Senior DevSecOps Consultant
Daniel is one of the co-founders and directors of Punk Security Ltd. He has over 23 years of commercial IT experience, with 17 years focused on cyber security. He has worked with some of the largest global financial companies, the UK government and the British military on various projects ranging from penetration testing and security policy writing to technical implementations and red teaming. Over the last 6 years, Daniel’s focus has been on DevSecOps and automating security testing. In his spare time, Daniel volunteers to help run and deliver talks at cyber security conferences, whilst also carrying out his own personal research.
