October Meetup


Details
We're thrilled to announce October's meetup on the 19th, courtesy of Semgrep.
Get ready for a great evening of networking, knowledge sharing, and awesome food and drinks.
Agenda
5:00 - Check in, grab some food/drinks and network
5:45 - Introductions
6:00 - 6:45 - AI applied to Cybersecurity
6:45 - 7:30 - Roadmap to DevSecOps Adoption with Case Studies
7:30 - 8:00 - IAM for the DevSecOps Engineers
Talk #1:
AI applied to Cybersecurity: Current applications and where we’re headed
Abstract
With the rise of large language models (LLMs), there’s been an explosion of innovation in AI being applied to nearly every domain, from generating beautiful art, to summarizing huge bodies of text, automating sales outreach and customer service, performing scientific research, and more.
I’ve spent hundreds of hours following how AI is being applied to cybersecurity, and in this talk, I’m going to distill the best articles, papers, and talks across cloud security, web security, AppSec, offensive security and more into one talk so you can rapidly understand the lay of the land.
You’ll leave the talk with a solid understanding of the current landscape, open problems, where things are headed, and tons of links where you can learn more and tools you can immediately start playing with.
Speaker:
Clint Gibler is a passionate, hard-working computer security professional. He has experience working in several types of security-focused companies, from government contractors to security consulting firms and startups.
Keep up with the latest and greatest in security research via Clint's free newsletter: https://tldrsec.com/
Talk #2:
Roadmap to DevSecOps Adoption with Case Studies
Brief on traditional DevOps.
The rising need for security: Introducing DevSecOps.
The benefits of integrating security into the CI/CD pipeline.
Key Principles of DevSecOps
DevSecOps vs. traditional security models.
The continuous nature of DevSecOps: Continuous Integration, Continuous Delivery, Continuous Security.
"Shift Left" philosophy: Implementing security in the early stages.
Automation: Making security checks automated and integral to the pipeline.
Collaboration: Breaking silos between Dev, Ops, and Security teams.
Setting up Your Toolchain
Identifying the right tools for:
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Interactive Application Security Testing (IAST)
Integrating these tools into the CI/CD pipeline.
Continuous monitoring and real-time feedback loops.
Best Practices
Regularly updating and patching tools and systems.
Collaborative threat modeling.
Continuous feedback loop: Learning from security incidents.
Prioritizing security debts alongside other technical debts.
Measuring Success
Key Performance Indicators (KPIs) for DevSecOps.
Reduced number of security incidents.
Faster incident response time.
Number of vulnerabilities detected and addressed in the early stages.
Speakers:
Ankush Jain: Ankush is the co-founder & CTO at Akto (https://www.akto.io), the open source API security product. Prior to starting Akto, he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He holds a Bachelor's in Technology from IIT Bombay. He is also a speaker at Black Hat and Defcon.
Ankita Gupta: She is the co-founder and CEO of Akto.io, the open source API security product. Prior to Akto, she worked at VMware, LinkedIn and JP Morgan. She holds an MBA from Dartmouth College and a Bachelor's in Technology from IIT Roorkee. She is also a speaker at Black Hat and Defcon.
Talk #3:
IAM for the DevSecOps Engineer
Is moving security controls to earlier in the development cycle a good idea? The benefits are already well understood in the context of scanning and testing, but can IAM benefit from this as well? As it turns out – yes! – but not without its trade-offs. To paraphrase from Carl Sagan: If you wish to shift left with IAM from scratch, you must first invent the universe. When it comes to IAM, the DevSecOps engineer needs to make sure what they build is functional, frictionless, and repeatable. In this talk, we'll cover the challenges and technical details around what it means in practice to "shift left" for IAM. We'll look at Infrastructure as Code, GitOps, and how their rough edges can make you want to go back to clicking around in a web console. We'll dive into Terraform and how its concurrency, latency, and consistency nuances can make you yell at your CI/CD pipelines.
Bio: Jeff Chao is the Co-Founder & CTO at abbey.io, which is taking a unique approach to automating IAM via Terraform. Prior to starting Abbey, he led Change Data Capture at Stripe to make sure $640 Billion went to the right bank accounts. Before that, he was at Netflix trying to make the play button work with 100% uptime.