OWASP Meetup - SF November 2017


Details
Please join us for an awesome night of security, courtesy of our host: Credit Karma. There will be three amazing talks, food/drinks, and security!
• 6:30 - Doors open
• 6:45-7:00 - News with Hardeep Singh
• 7:00-7:30 - Three Keys for SecDevOps Success (Frank Kim)
• 7:35-8:05 - TLS for Microservices (Michael Cline)
• 8:05-9:00 - Networking
Talk 1: Three Keys for SecDevOps Success (Frank Kim)
Learn three things that security teams can do to get to “yes” with DevOps teams that are striving to move at an even more rapid pace. Traditional application security practices can’t keep up with the speed of modern development organizations. Hear how you can start to make a difference for your organization.
Bio:
Founder of ThinkSec, a security consulting and CISO advisory firm. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. With the SANS Institute, Frank continues to lead the management and software security curricula, helping to develop the next generation of security leaders.
Frank was also executive director of cybersecurity at Kaiser Permanente where he built an innovative security program to meet the unique needs of the nation's largest not-for-profit health plan and integrated health care provider with annual revenue of $60 billion, 10 million members, and 175,000 employees.
Frank holds degrees from the University of California at Berkeley and is the author and instructor of popular courses on strategic planning, leadership, application security, and DevOps.
Talk 2: TLS for Microservices (Michael Cline)
With TLS being a standard for exposed REST services, what about services internal to your environment (e.g. clustered microservices, databases, message queues, etc.)? Moreover, how do you handle internal service encryption at cloud scale when you potentially have hundreds of unique service environments with numerous endpoints? At VMware we built Diploma to answer that need. Diploma is a distributed certificate management service that allows for secure generation and disbursement of TLS certificates for internally communicating web services, all through a simple REST API. Diploma has built-in multi-tenancy and can generate, disperse and manage certificates for hundreds to thousands of unique service environments on a single clustered deployment. If you’ve ever wondered how to handle internal TLS for medium to very large clustered service environments, this is definitely for you. Diploma uses one principal component, Vault, and within this presentation you will see how Vault acts as a key component in all PKI features, along with how we utilize it to provide internal TLS at scale.
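As an added illustration of the per-tenant certificate-management pattern the abstract describes (this is example code written for this page, not Diploma's or Vault's own code), the Go program below builds an in-memory private CA per tenant in place of the Vault PKI backend, issues a short-lived service certificate carrying both server- and client-auth usages so it can be used for mutual TLS between internal services, and performs the checks a receiving service should make before trusting a peer: the chain must terminate at that tenant's CA, the SAN must match the expected name, and the validity window must be current. The tenant names, the hostname orders.tenant-a.internal, and the helper functions are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// internalCA is a constructed in-memory private CA. It stands in for the PKI
// backend (Vault, in the talk); one CA per tenant keeps tenants isolated.
type internalCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newInternalCA creates a self-signed CA certificate for one tenant.
func newInternalCA(name string) (*internalCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &internalCA{cert: cert, key: key}, nil
}

// issueServiceCert issues a short-lived leaf certificate for one service
// endpoint. Both server and client extended key usages are set so the same
// certificate authenticates the service in either direction (mutual TLS).
func (ca *internalCA) issueServiceCert(dnsName string, ttl time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Random 128-bit serial: unique per certificate, which revocation relies on.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// verifyPeer performs the checks a service should make on a peer certificate
// before trusting it: it chains to this tenant's CA, its SAN matches the
// expected name, and it is inside its validity period. A certificate issued
// by another tenant's CA fails the chain check even when the name matches.
func verifyPeer(tenantCA *x509.Certificate, peer *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(tenantCA)
	_, err := peer.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   expectedName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	tenantA, _ := newInternalCA("tenant-a internal CA")
	tenantB, _ := newInternalCA("tenant-b internal CA")
	orders, _, _ := tenantA.issueServiceCert("orders.tenant-a.internal", time.Hour)
	fmt.Println("same tenant, right name:", verifyPeer(tenantA.cert, orders, "orders.tenant-a.internal"))
	fmt.Println("same tenant, wrong name:", verifyPeer(tenantA.cert, orders, "payments.tenant-a.internal"))
	fmt.Println("other tenant's CA:      ", verifyPeer(tenantB.cert, orders, "orders.tenant-a.internal"))
}
```

The short TTL passed to issueServiceCert is the point of a service like the one described: when certificates live for an hour rather than a year, re-issuance through the API replaces most revocation machinery, and a leaked key is useful only briefly. Each service needs to trust only its own tenant's CA, never a shared root, which is what keeps tenants on a single deployment from impersonating each other.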
Bio:
Currently a Lead Engineer @vmware in the Cloud SaaS department, where I work on distributed systems, microservices and service reliability. I enjoy traveling, table tennis, astronomy, geo-politics and occasionally day trading, which spawned an enthusiast website I’ve recently released, MarketCrown.com.