June Meetup


Details
Security time! We will have exciting talks, lots of people to meet, and great food and drinks, courtesy of our sponsors JIT (https://www.jit.io).
This is a joint meetup with the Pacific Hackers community (https://www.phack.org/).
Jit: an open DevSecOps orchestration platform that allows high-velocity engineering teams to own product security while increasing dev velocity.
5 PM to 5.45 PM: Networking, food/drinks
5.45 PM to 8 PM: Talks
Talk #1: "Securing a cloud app: from threat modeling to Continuous Security"
(basically, what I am doing is an extended talk based on the MVS one for Python apps)
Abstract:
In this presentation, we will delve into the process of securing a cloud-hosted application from scratch, using a Python-based app as our demonstrative model. Our initial focus is on the crucial first step of threat modeling, demystifying the process for beginners and offering a deep dive into the identification, analysis, and prioritization of potential security risks across the codebase, infrastructure, CI/CD pipeline, and runtime.
Further, we will explore how these identified risks can be mapped to open-source security (OSS) tools, including some developed by OWASP.
The final part of our journey takes us through the seamless integration of these tools into the Continuous Integration/Continuous Deployment (CI/CD) pipeline. Using GitHub Actions as a case study, we will show how to build and automate a security-focused workflow, ensuring a constantly secure state for your application.
By attending this session, you'll gain practical insights and tools to build secure cloud applications, maintain an efficient CI/CD pipeline, and tackle the dynamic cyber threat landscape with confidence and foresight. Stay a step ahead in your application security with continuous and integrated security measures.
Speaker: David Melamed, CTO, JIT
Talk #2: Unlock Your AppSec Career Potential: A Guide to Successful Career
Description:
Rapid development cycles and time constraints, the diverse skill sets required to evaluate applications built with complex new technologies, and an evolving threat landscape are some of the reasons that make an application security engineer’s job interesting and difficult at the same time. As a result, AppSec engineers have to develop fast learning mechanisms and, based on their strengths and interests, pick the right career paths to not just survive but thrive in the world of application security. In this talk, we will discuss how to analyze one’s strengths and interests, choose the right application security career path, and continue to prosper throughout your career.
Speakers: Trupti Shiralkar, Sr Manager Product Security at Datadog, and Deidre Diamond, Founder, CyberSN
Talk #3: Winning Others Over, Cross-Functional Collaboration in Cybersecurity
Whether we’re an extrovert, ambivert, or introvert, the majority of us work with people. Even when we write or review code most of the day, we still receive and provide feedback. In cybersecurity, a large portion of success relies on your ability to win others over. How do you convince developers to write secure code or care about it? How do you work with HR/People to educate new and existing employees about security practices? How do you collaborate with product, program, and project teams to build, deploy, or review? How do we incorporate the OWASP Top 10 into our work and communicate those vulnerabilities and their importance to other teams? Solid documentation is a hallmark of cybersecurity work and an aspect of WOO, but there's more to it. In this presentation, we’ll discuss ways to work cross-functionally and win others over. Methods will be presented for all personality types, and participants will have examples that can be applied in their workplaces.
Speaker: Kelly Thibault is the Executive Director at Secure Diversity, a non-profit focused on diversity in cybersecurity. In her job, she runs the Day of Shecurity Conference and partners with cybersecurity professionals of all levels. She has spent over 15 years running programs, managing risk and crisis response, leading people, and working cross-functionally. She loves learning, wearing multiple hats, and building relationships. She attributes much of her success in building and problem-solving to her ability to make connections and build work relationships.
