Worum es bei uns geht

Hier gehts um DevOps, System-Automation, Infrastructure as Code, Continuous-Delivery, Continuous-Deployment, Continuous-Integration, Testing in Production, Puppet, Scrum, Kanban, Linux und OpenSource.

Wir treffen uns in regelmäßigen Abständen zum Erfahrungsaustausch und zum Networking in Stuttgart. Wenn Du Interesse hast, kannst Du ja diesem Meetup beitreten - wir werden die Termine rechtzeitig ankündigen.

Bevorstehende Events (1)

Agile Threat Modelling


[Disclaimer] This is a cross-promotion for a meetup hosted by ThoughtWorks Germany. We hope to re-vive the DevOps Stuttgart community with this event and hope you like it! INTRO: Threat modelling aims at designing secure systems by identifying security threats and evaluating mitigations on a risk-based approach [1]. Traditionally, threat modelling was conducted as part of a complex upfront analysis of the software architecture. With software engineering teams moving to a more agile way of working, the need to integrate security best practices into agile development is increasing. Agile Threat Modelling offers a way for agile Software Engineering teams to mitigate security risks based on real threats in their system at the time of development. ABOUT THE TALK: This meetup will walk you through an Agile Threat Modelling Workshop by using a hands-on example. You will learn how to conduct an Agile Threat Modelling Workshop and how to implement security best practises into your agile way of working. Outcome for the participants will be a set of methods to start running their own Agile Threat Modelling sessions in their teams. We believe that Security is the responsibility of every member in the team ranging from Business Analysts to Experience Designer to Developers and Leads, we therefore also encourage people from non-technical roles to attend. [1] https://martinfowler.com/articles/agile-threat-modelling.html ABOUT THE SPEAKERS: Katharina Dankert is a problem solver, with a background in systems engineering and opinions on security. She works for TW as an infrastructure developer and security expert. She is currently leading platform level security thinking for cloud based infrastructure at a large German manufacturer. She started work in the tech domain believing that working with computers would mean being able to work less with humans. She has learned sometimes somewhat to her chagrin, that human interactions create more complexity and interesting risks than even the most intricate of technical systems. Jennifer Parak currently works as a Software Developer at ThoughtWorks. Having started her career working with Microservices in a Java/Spring Boot environment, she recently found herself working with smart ecosystems and developed a great passion for it. She discovered her excitement about Security on writing her Masters thesis where she developed a Convolutional Neural Network to create a POC for Cracking visual captchas. As Security Champion in her team and facilitator of the Security Guild, she is now able to put her passion into practise by advocating for a shift-left Security approach. Michael Lihs currently works as an Infrastructure Consultant at ThoughtWorks. Coming from a larger enterprise, where security was usually left to a “team of specialists”, he quickly learned to embrace Agile Threat Modelling as a technique to shift left on security. He strongly believes that security is everyone’s responsibility and that everyone in the software development process should be involved.

Vergangene Events (51)

Fotos (123)