Name: Putting the Sec in DevSecOps: Automating cloud security as an enabler
Start: 2021-12-16T17:15:00Z
End: 2021-12-16T17:15:32.000Z
Location: BrightTALK
Rating: 4

Bridgecrew is the cloud native security platform for developers. By leveraging automation and delivering security-as-code, Bridgecrew empowers teams to find, fix, and prevent vulnerabilities, license violations, and misconfigurations in containerized applications and in infrastructure as code.

With the lines between application and infrastructure security blurring with the help of Kubernetes and other cloud-native technologies, how we approach security has to change. Hear what security experts Jimmy Mesta (Co-Founder of KSOC) and Jim Manico (Founder of Manicode) have to say about this and more in this lively discussion moderated by Bridgecrew Developer Advocate, Steve Giguere.

Modernizing AppSec for a Cloud-Native World with Bridgecrew, KSOC, and ManiCode

Please join Lead Developer Advocate Matt Johnson for this introductory DevSecOps talk featuring an overview of Checkov, our open-source static analysis scanner for Infrastructure as code (IaC).

What this talk will cover:
- Common issues around security that many DevOps teams face today
- Sources of misconfigurations when using Infrastructure as code (IaC)
- How Checkov can help improve your security posture

Securing the cloud: An intro to DevSecOps, IaC security, and Checkov

Infrastructure as code (IaC) is critical for developing cloud-native applications at scale, but with added complexity comes added security considerations. If gone undetected, one IaC misconfiguration can snowball into hundreds of alerts and cloud risk. 

For this talk, we analyzed the most common AWS misconfigurations within Bridgecrew’s IaC scan data to illustrate the importance of IaC security. We’ll walk through each of the misconfigs, the potential risk they pose, and show how to fix them.

What you will learn:
     - Security considerations when leveraging infrastructure as code (IaC)
     - 5 of the most common AWS IaC misconfigurations across Terraform and CloudFormation scan data
     - How the proper policy guardrails and DevSecOps processes can help avoid cloud misconfigurations and keep applications secure

How to Fix the 5 Most Common AWS IaC Misconfigurations

When it comes to security, the DevOps movement has created a culture of autonomy, but those autonomous units don’t necessarily do what’s best, or most secure, for the organization. Automation certainly helps, but it’s only a piece of the puzzle. 

Download this webinar recording featuring hosts from Puppet and Bridgecrew to learn:

     - Key findings from this year’s State of DevOps Report and their security implications
     - How top performers are building out DevSecOps (or secure DevOps) practices
     - What separates high-performing teams from the rest and the implications for security
     - When security automation can drive cultural change (and when it can’t)

How security automation impacts the adoption of DevSecOps

Matt and Steve enjoy beers and talk infrastructure as code, Checkov, cloud security, and more while onsite at re:Invent.

Also, hear the pair discuss: EKS Multi-tenant, Private 5G, The Graviton 3 (how does it work?), and more!

Live from re:Invent 2021! | Codified Security Office Hours | Part 2

Matt and Steve made the trek from London to attend this year's AWS re:Invent! Tune in to hear them chat about their experiences at the conference (they are certainly getting their steps in) and what they've taken away from the sessions and on the expo floor thus far.

Plus, a quick interview with Sravan Rengarajan, Senior PM, Elastic Container Registry

Live from re:Invent 2021! | Codified Security Office Hours | Part 1

What is infrastructure as code (IaC) and how does it make DevSecOps possible for cloud infrastructure?

This introductory overview is great for teams looking to learn more about DevSecOps and how it can be leveraged to strengthen their cloud infrastructure security. Download this 30-minute talk to gain insight into:
     - Problems facing DevOps and security teams
     - Sources of misconfigurations and cloud risk
     - Tools to help with IaC security challenges and education
     - Addressing cloud security throughout the DevOps lifecycle

Plus, learn how to implement a DevSecOps strategy using a crawl-walk-run methodology.

Putting the Sec in DevSecOps: Automating cloud security as an enabler

Cloud Security

infrastructure as code

IaC security

DevSecOps

DevOps

Cloud Architecture

Security

IT Security

Cloud Infrastructure

Developers

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Putting the Sec in DevSecOps: Automating cloud security as an enabler

Presented by

About this talk

More from this channel