This Meetup was canceled.
Thank you Tableau Software for hosting us!
Tanya Janca @SheHacksPurple
In DevOps everyone performs security work, whether they like it or not. With a ratio of 100/10/1 for Development, Operations, and Security, it’s impossible for the security team alone to get it all done. We must build security into each of “the three ways”: automating and/or improving efficiency of all security activities, speeding up feedback loops for security-related activities, and providing continuous learning opportunities in relation to security. While it may sound like the security team needs to learn to sprint, give feedback, and teach at the same time, the real challenge is creating a culture that embodies the mindset that security is everybody's job.
Tanya Janca is a senior cloud advocate for Microsoft, specializing in application security; evangelizing software security and advocating for developers through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, software developer, effective altruist and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Are you ready for a cloud pen test?
Teri Radichel https://2ndSightLab.com
You may need a cloud penetration test due to a compliance requirement, or because you want to verify the security of your account. But what is a cloud penetration test? There are different aspects of cloud security that can be tested depending on the scope of your test. You'll probably want to evaluate more than the cloud configuration. You'll need to know what the cloud providers allow, and what is required. Learn how differences in the cloud environment will affect your penetration test, and what things are not so different. Also, consider whether a penetration test or other types of assessments might be more valuable.
Teri Radichel is the CEO of 2nd Sight Lab in Seattle. She has numerous security certifications, is an AWS Hero, IANS Faculty Member, and received the 2017 SANS Difference Makers Award for her innovative research in cloud security. She was on the original team that helped Capital One move to the cloud and has helped 1000s of companies with cloud security through speaking at conferences like RSA and re:Invent, writing, training, and consulting. She is a former SANS instructor and helped with the SANS cloud curriculum, but now teaches a new cloud security architecture and engineering class and offers cloud penetration testing through her company.
Terrascan: Terraform Static Analysis
Braxton Ehle, Senior Product Security Engineer at Tableau
Given the velocity of changes in modern service development, security teams can’t solve every security issue, nor discover every risk, with a meeting. As our team tried to scale our brains, we looked at ways to find and alert teams to security issues before they see the light of production. Terrascan, a modification of a few open source libraries, allows our dev teams to easily integrate infrastructure security checks into their CI/CD pipeline.