DevSecOps - an afternoon of Security & Azure DevOps

In the run-up to DevOpsDays Copenhagen (https://www.devopsdays.org/events/2019-copenhagen/welcome/) we are inviting you to join us for an afternoon of Security and DevOps. We have invited René to join us and share some of his learnings from implementing security in the pipelines of various enterprises.

This time we are inviting you to join us for an afternoon of Security and DevOps. We have invited René to join us and share some of his learnings from implementing security in the pipelines of various enterprises.

Agenda:

16.00 Registration and networking
16.25 Welcome
16.30 The shift to Rugged DevOps - Security in the pipeline
17.30 Break with refreshments
18.00 Real world failure
19.00-ish End of program

About the speakers and sessions:

The shift to Rugged DevOps - Security in the pipeline
By Rene Van Osnabrugge - Twitter: @renevo

Pipelines take care of building and deploying your application, but they secure? And the code that you are deploying? With many releases a day, security officers will not be able to verify each release. Rugged DevOps is all about securing your assets and embed Security into your DevOps process.

Putting Developers and IT-Pros in one team does not make it a DevOps team. And even when they work smoothly together there is always Security that needs to be addressed. Build and Release Pipelines take care of building and deploying your application, but are your pipelines secure? And the code that you are deploying? With many releases a day, security officers will not be able to verify each release. Rugged DevOps is all about securing your assets and your pipeline and really embed Security into your DevOps process.

In this talk I will guide you through the concepts of Rugged DevOps, the risks companies are currently facing and talk about some strategies and tools which can help you embed security into your DevOps processes.

Real world failure (in a DevSecOps context)
By Thomas Lund Erichsen and Leif Howalt Elgaard Høj

Frequent and faster releases are business demands that more and more development teams are facing. This demand and the fact that it is more important than ever to protect business assets makes it very crucial to consider security throughout the software development lifecycle and not as an afterthought. Use of automated security testing for continues and quick feedback to developers are very important. However, equally – or perhaps even more - important is the team skills to design and build applications where security controls are a part of the solution design. This talk will focus on the discipline of making design decisions that set the foundation of the application security posture.

Location:
We are happy that NNIT are hosting this Meetup. Due to facility policy all guests must be registered. The reception at NNIT have asked us to share the first and last names of all participants for pre-registration to avoid long wait time when you are arriving. Please make sure your correct name are registered at meetup.com.

Refreshments:
NNIT has been kind enough to sponsor refreshments and a light meal

Parking:
There are plenty of options in the area. NNIT has a limited number of guest parking spots, but it shouldn't be hard to find a spot in the area around the office.

Public Transportation:
The NNIT offices are right next to a public transportation hub with great connectivity to the rest of the city.

This event is co-hosted with Azure User Group Denmark (AZUG)