Hi [[ session.user.profile.firstName ]]

SHIFT LEFT THEN SHIFT UP: Strengthening Your DevSecOps Posture

The concept of “shift left” engages security earlier in the development cycle of cloud-native applications, accelerating development while reducing risk. However, migrating to cloud-native environments also necessitates the security team to “shift up”, focusing on the application layer to account for the shared-service model and “thin OS” environments that are prevalent in these environments.

Attend this webinar to learn why Shifting Up provides improved security and cost efficiency in cloud-native environments, including:

- Kubernetes orchestrated applications
- Containers running on VMs
- Serverless containers (e.g., AWS Fargate and Azure Container Instances)
- Serverless functions (e.g., AWS Lambda and Azure Functions)
Recorded Jun 20 2019 47 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Rani Osnat, VP of Product Marketing Aqua Security
Presentation preview: SHIFT LEFT THEN SHIFT UP: Strengthening Your DevSecOps Posture

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • A Multi-tenant Multi-cluster Kubernetes Datapocalypse is Coming Jun 23 2020 5:00 pm UTC 75 mins
    Paul Burt, Technical Product Marketing Engineer, NetApp; Jim Fister, Principal, The Decision Place
    The need for rapid deployment of scalable clusters is creating an opportunity for container solutions such as Kubernetes. But what are the implications of multiple Kubernetes clusters in a broad deployment? What happens if a cluster goes down? What’s the impact on business resiliency? Managing and securing multiple clusters is becoming a key topic and area of debate. Multi-cluster Kubernetes that provides robustness & resilience is rapidly moving from “best practice” to a “must have”.

    In this webcast we’ll dive into:
    •The history of multi-cluster Kubernetes
    •How multi-cluster setups could affect data heavy workloads (such as multiple microservices backed by independent data stores)
    •Managing multiple clusters
    •Keeping the business functioning if a cluster goes down
    •How to prepare for the coming datapocalypse
  • Cloud Native DevOps: Why Kubernetes is a game-changer for enterprises Recorded: Apr 23 2020 49 mins
    Jim Bugwadia, Founder and CEO, Nirmata
    Cloud native technologies, like containers and Kubernetes, enable enterprise agility at scale and without compromises. In this session, Jim Bugwadia, who is a founder and the CEO at Nirmata - the Kubernetes Management Plane for Enterprises, will show how enterprises can warp speed their DevOps initiatives by embracing cloud native technologies. You will learn:

    - How containers and Kubernetes impact enterprise DevOps
    - What organizational patterns drive successful Kubernetes adoption
    - How to approach hybrid and multi-cloud strategies with Kubernetes
  • Oracle Databases in a DevOps World Recorded: Apr 23 2020 59 mins
    Nick Walter, Principal Architect
    Have you automated your entire CI/CD pipeline except for the manual DBA actions? Are untested SQL scripts your main source of deployment issues? You aren't alone. Many shops that embrace DevOps principles realize improvements in almost all areas... except for databases. In this talk, we will explore both methods for bringing Oracle DBA teams into a DevOps mindset, and practices for leveraging the benefits of DevOps automation for Oracle database operations.
  • Strategies for Driving DevOps Transformation in the Enterprise Recorded: Apr 23 2020 48 mins
    Jeanne Morain - iSpeak Cloud; Graham Berry - OpenShift, RedHat; Mark Berry - 6point6; TJ Gonen - Check Point
    Some analysts say that DevOps is starting to reach maturity, and as such there are numerous tools flooding the market. But all good tools only reap true benefits if there is a solid strategy to their use and implementation.

    Join this webinar as we take a closer look at how solid DevOps strategies can support emerging tools and foster transformation in mission-critical software environments.

    Topics will include:

    - Why it’s crucial to build a culture of continuous, collaborative improvement and evolution between dev and ops
    - What metrics and approaches can help to forecast the value of DevOps accurately
    - Foundational success factors, including management buy-in, the maturity of current processes, and CI/CD tools

    Moderator:
    - Jeanne Morain - Founder, iSpeak Cloud

    Panellists:
    - Graham Berry - EMEA Sales Lead - OpenShift, RedHat
    - Mark Berry - DevOps Director, 6point6
    - TJ Gonen - Head of Cloud Security Programs, Check Point
  • From Data Dependence to Testing Transcendence Recorded: Apr 22 2020 43 mins
    Akila Kavo, Delivery Manager, Emerging Technology, tap|QA
    Have you ever had challenges with unsuitable test data? Have you lost time each cycle due to tracing back data questions to key team members?
    Is your data structure so complicated and under-documented that you struggle to know where to even start?

    Whether you are contributing to a project using the latest technology trends or an antiquated mainframe system running on punch cards,
    having a robust Test Data Management Strategy in place is crucial to the timely and smooth execution of your testing effort.

    Join tap|QA's Akila Kavo, Delivery Manager of Emerging Technology, as we’ll explore best practices and real world examples in Test Data Management with a keen focus on how to integrate with your test automation solution.

    We’ll dive into the following topics:

    1) Why TDM is so important
    2) What questions to ask to properly identify your problems
    3) Strategies in creating the best TDM environment possible honed from multiple consulting engagements!
    4) A technical demonstration of different approaches

    Attendees will learn what questions to ask to get to the root source of data management woes. We’ll focus on how to solution a Test Data Management strategy, and plan its implementation.

    You’ll learn what metrics to capture and how you can use them to quantify the value you are providing to the business.
  • AI and Machine Learning in a Selenium World Recorded: Apr 22 2020 49 mins
    Mike Wagner, Test Architect and Principal Consultant for tap|QA
    Many testing teams today use Selenium for their automation needs and rightfully so, Selenium allows for cross browser and mobile support, it’s free and has a large open source community behind it.

    Regardless of its feature set, Selenium and test automation in general has its own list of pain points like test maintenance and test coverage.
    These pain points can have a large impact on testing metrics depending on the test architecture used and the design patterns being followed.

    To address these pain points a team can utilize areas of Artificial Intelligence (AI) and Machine Learning (ML) via open source libraries.
    This enables the tests to find their own elements and attempt every possible combination of test cases, which a tester could then store, rerun, and iterate on.
    This approach effectively gives Selenium a brain in the form of models and actions.

    Join Mike Wagner, Test Architect and Principal Consultant for tap|QA as he leads this informative session for teams interested in integrating Artificial Intelligence into their existing Selenium framework.

    Takeaways: Understanding of the different areas of Machine Learning/AI with an emphasis on:
    * Convolutional Neural Networks (How they apply to element selection)
    * Reinforcement Learning (How it applies to test coverage)
    Approach for implementing Convolutional Neural Networks and Reinforcement Learning into an existing Selenium framework.
    * Introduction to top open source libraries related to Machine Learning
  • [Panel] Finding the Balance Between Manual and Automated Testing Recorded: Apr 22 2020 45 mins
    Eran Kinsbruner - Chief Evangelist, Perforce | Matt Rose, Global Director Application Security Strategy at Checkmarx
    Keeping up with customer expectations in the digital age and continuously releasing high-quality software is tough. While not a silver bullet, the answer to doing both well in 2020 increasingly lies in test automation.

    However, adopting test automation is not without its challenges, and it must be blended correctly with manual testing.

    Join this panel of testing experts as they discuss how to find the balance between manual and automated testing, including:

    - Where to introduce automated testing
    - Why it’s crucial that you establish a repeatable manual documented process prior to implementing any automation
    - How to scale automated testing


    Panelists include:

    - Eran Kinsbruner - Chief Evangelist at Perfecto by Perforce
    - Matt Rose, Global Director Application Security Strategy at Checkmarx
  • An Introduction to Test Lifecycle Automation – Going Beyond Automated Regression Recorded: Apr 22 2020 27 mins
    Faz Ahmad, Prolifics Testing
    Prolifics Testing will present a guide to Test Lifecycle Automation and an overview of some of the tools that drive it. These use concepts such as Machine Learning, Data Mining, Predictive Analytics and Containerization with Open Source tools to automate all aspects of testing, including Test Design, Data, Execution and Validation.

    Int this session, we will show how you can implement Test Automation innovation within your organisation for all Web, Mobile, Desktop and Cloud-based applications.
  • Achieving Data Agility in a DevSecOps World Recorded: Dec 11 2019 35 mins
    Sanjeev Sharma, VP and Global Practice Director for Data Modernization, Delphix
    As organizations mature on their DevOps adoption journey, adopting Continuous Integration and Continuous Delivery (CI/CD) automation, and breaking down organizational silos, application delivery and infrastructure provisioning speed is being accelerated. The next challenge now being exposed is the lack of agility in delivering Data into non-production environments.

    Development and Testing require the availability of relevant data in the production-like Dev and Test environments on demand, to ensure rapid testing and validation of each Build. Data is however difficult to provision and deliver on demand. This results in Data Friction being the impediment to true ‘flow’ through application delivery pipelines. Other than the inherent cost and time it takes to provision and store data instances, there is also the risk that exponentially increases as more and more instances of Data are provisioned in multiple non-production environments.

    As Dev-Test teams deliver faster and leverage more environments across parallel development streams, the number of non-production Data instances is typically several orders of magnitude higher than Production instances, increasing the exposed surface area. The ask hence is to be able to provision and deliver production-like Data instances, on-demand, as, when and where Dev-test practitioners need them in non-prod environments, while securing the Data at the same time.

    In this session Sanjeev Sharma, VP and Global Practice Director for Data Modernization will discuss practices large enterprises need to adopt, across Process, Technology and People in order to be able to Provision, Deploy, Manage, Govern, and Secure Data in Application Delivery Pipelines, addressing Data Friction and Data Security challenges that may be impeding DevSecOps adoption.
  • Tips and Tricks for Docker-Based Pipelines Recorded: Nov 21 2019 47 mins
    Dan Garfield, Chief Technology Evangelist, Codefresh.io
    Most people think “adopting containers” means deploying Docker images to production. In practice, adopting containers in the continuous integration process provides visible benefits even if the production environment are VMs. In this webinar, we will explore this pattern by packaging all build tools inside Docker containers. Container-based pipelines allow us to create and reuse building blocks to make pipeline creation and management MUCH easier. It’s like building with Legos instead of clay.

    This not only makes pipeline creation and maintenance much easier, it also solves a myriad of classic CI/CD problems such as:
    Putting an end to version conflicts in build machines
    Eliminating build machine management in general
    Step portability and maintenance

    In a very real sense, Docker-based pipelines reflect lessons learned from microservices in CI/CD pipelines. We will share tips and tricks for running these kinds of pipelines while using Codefresh as a CI/CD solution as it fully supports pipelines where each build step is running on its own Docker image.
  • How Containers Promote Rapid Application Development Recorded: Nov 21 2019 39 mins
    Julian Fahrer, Software Engineer, Hover, Inc.
    This webinar focuses on the aspects of Docker and Containers that can help you in the development lifecycle of your applications. By utilizing containers you can save time and simplify your development workflow. The benefits you will learn about range from frictionless onboarding of new developers, consistent environments, saving time in managing workstations and dependencies to quickly adapting to new requirements. You will understand the challenges of developing applications within containers and techniques to overcome them. After this session, you will understand:

    - How to utilize containers to speed up your development process and free up resources
    - Where to start and how to drive progress on integrating containers into your development workflow
    - Challenges you might encounter along the way and techniques to overcome them
    - The ways containers will shape how you think about application and infrastructure design


    Julian is a Software Engineer, Online Educator, and Container Enthusiast. He automates all the things and containerizes Ruby applications at day. At night he sleeps. In between those times, he is busy climbing, hiking and teaching people about Docker and Containers at LearnDocker.online. His current life goal is to drastically reduce the time he sits per day.
  • COBOL’s secret. How it continues to power business at 60 years old. Recorded: Nov 20 2019 49 mins
    Derek Britton, Jerome Rose
    The application development language, COBOL, is 60! September 1959 saw the first mention of the technical acronym “COBOL”, which was then adopted as the name for the language being specified and developed. Our first COBOL SIG session will kick things off describing the computing language’s contemporary relevance, use cases and prevalence. The language’s history is a fascinating study - the way in which it was designed, its continued evolution and relevance, and a number of defining characteristics have ensured it remains in widespread usage. Join us as we discuss and outline those attributes.
  • CCS [Ep.6]: Next-Generation Cybersecurity - Policy Process and Organization Recorded: Oct 31 2019 59 mins
    Johna Till Johnson, CEO and Founder, Nemertes Research
    Cloud and Cybersecurity Series [Ep.6]: Next-Generation Cybersecurity: Policy Process and Organization

    Resources are finite. So deploying them wisely is what differentiates successful cybersecurity organizations from those that are less successful. Find out how these successful cybersecurity organizations are structured, what policies they have in place, and what strategies they do—and don’t—follow to protect their enterprise organizations.
  • Achieving Data Agility in a DevSecOps World Recorded: Oct 24 2019 35 mins
    Sanjeev Sharma, VP and Global Practice Director for Data Modernization, Delphix
    As organizations mature on their DevOps adoption journey, adopting Continuous Integration and Continuous Delivery (CI/CD) automation, and breaking down organizational silos, application delivery and infrastructure provisioning speed is being accelerated. The next challenge now being exposed is the lack of agility in delivering Data into non-production environments.

    Development and Testing require the availability of relevant data in the production-like Dev and Test environments on demand, to ensure rapid testing and validation of each Build. Data is however difficult to provision and deliver on demand. This results in Data Friction being the impediment to true ‘flow’ through application delivery pipelines. Other than the inherent cost and time it takes to provision and store data instances, there is also the risk that exponentially increases as more and more instances of Data are provisioned in multiple non-production environments.

    As Dev-Test teams deliver faster and leverage more environments across parallel development streams, the number of non-production Data instances is typically several orders of magnitude higher than Production instances, increasing the exposed surface area. The ask hence is to be able to provision and deliver production-like Data instances, on-demand, as, when and where Dev-test practitioners need them in non-prod environments, while securing the Data at the same time.

    In this session Sanjeev Sharma, VP and Global Practice Director for Data Modernization will discuss practices large enterprises need to adopt, across Process, Technology and People in order to be able to Provision, Deploy, Manage, Govern, and Secure Data in Application Delivery Pipelines, addressing Data Friction and Data Security challenges that may be impeding DevSecOps adoption.
  • Introducing a Security Feedback Loop Recorded: Oct 24 2019 30 mins
    Dan Garfield, Chief Technology Evangelist, Codefresh.io
    We’re all looking at ways to prevent vulnerabilities from escaping into our production environments. Why not require scans of your Docker images before they’re even uploaded to your production Docker registry? SHIFT LEFT!

    When your engineers get information about security vulnerabilities earlier, they're more efficient with fixes!

    Join Codefresh, as we demonstrate setting up vulnerability and compliance thresholds in a CI pipeline. We will show you how to give your teams access to your Docker images’ security reports & trace back to your report from your production Kubernetes cluster using Codefresh.
  • DevOps for Your Cloud Project - What’s Behind the Success of Cloud Adoption? Recorded: Oct 24 2019 18 mins
    Alberta Bosco, Sr. Product Marketing Manager at Puppet
    The shift to the cloud is about breaking down traditional barriers and opening new lines of communication and collaboration to solve problems. If you have already implemented DevOps practices in your organisation you will find it much easier to transition to the cloud.

    Why? Because cloud transformation requires significant collaboration between different teams. Because cloud adoption is complex a diverse, cross-functional team with experience and perspectives from around the company, can help create a collaborative environment that enables success.

    In this talk you will learn:

    How to manage the cultural shift required for a successful cloud project;

    How to build cross-teams, establish processes, adopt new tools and define KPIs;

    How to identify areas for improvement, increase agility and efficiency.
  • [Panel] DevOps Adoption Challenges and How to Overcome Them Recorded: Oct 24 2019 58 mins
    Brad Schick, Skytap | Daniel Breston, Virtual Clarity | Jeremy Brown, Red Hat EMEA
    To win with DevOps, you need to be aware of potential issues and know how to overcome the challenges so that you can make the most of its benefits.

    With the incredible growth of DevOps in a short space of time comes numerous questions about how best to adopt it. From insights and driving factors of adoption - to dealing with legacy systems and incorporating robust security features - join our panel of experts to hear advice and learnings from those at the forefront of DevOps adoption.

    Panelists:
    Brad Schick, CTO, Skytap
    Jeremy Brown, Director, Red Hat Open Innovation Labs - EMEA, Red Hat
    Daniel Breston, Technology Leadership Transformation Coach, Virtual Clarity
  • SHIFT LEFT THEN SHIFT UP: Strengthening Your DevSecOps Posture Recorded: Oct 23 2019 46 mins
    Rani Osnat, VP of Product Marketing Aqua Security
    The concept of “shift left” engages security earlier in the development cycle of cloud-native applications, accelerating development while reducing risk. However, migrating to cloud-native environments also necessitates the security team to “shift up”, focusing on the application layer to account for the shared-service model and “thin OS” environments that are prevalent in these environments.

    Attend this webinar to learn why Shifting Up provides improved security and cost efficiency in cloud-native environments, including:

    - Kubernetes orchestrated applications
    - Containers running on VMs
    - Serverless containers (e.g., AWS Fargate and Azure Container Instances)
    - Serverless functions (e.g., AWS Lambda and Azure Functions)
  • CCS [Ep.5]: Application Security Meets Multicloud Recorded: Oct 23 2019 50 mins
    John Burke, CIO and Principal Research Analyst, Nemertes Research
    Cloud and Cybersecurity Series [Ep.5]: Application Security Meets Multicloud

    Enterprises are developing and buying applications to run everywhere: across multiple clouds, multiple data centers, desktops, mobile devices, and IoT devices. In a multicloud environment, IT needs to take a multipronged approach to securing applications.

    We'll how organizations approach securing their applications for the multicloud, ranging from changes in the development process to the embrace of security technologies including IAMaaS, microservice authentication, and enterprise secure cloud access and policy enforcement (ESCAPE).

    This webinar presents data from Nemertes' in-depth research study of 335 organizations in 11 countries across a range of vertical industries.
  • 10 Attributes of Elite DevSecOps Programs Recorded: Oct 23 2019 29 mins
    Derek Weeks, VP at Sonatype and Co-Founder of All Day DevOps
    We've spent six years studying secure coding practices of DevOps and Continuous Delivery organizations by surveying over 15,000 IT professionals. We've analyzed their staffing practices, educational priorities, automation choices, and process improvements that improve their cybersecurity preparedness. Our study has also uncovered details of where automation fails, awareness falls short and breaches happen.

    Come participate in this session where we will share the 10 habits practiced by the DevSecOps Elite that you can then apply to -- or further mature within -- your own organization. We will also uncover what our analysis revealed about securing CI/CD pipelines, including what popular Jenkins plug-ins are used for security.

    Learning objective:
    We've spent six years studying secure coding practices of DevOps and Continuous Delivery organizations. Learn the 10 habits practiced by the DevSecOps Elite -- including their approaches to training, process, and automation -- that you can apply to your own organization.
Trends and insights for developing apps and maintaining service
The webcasts in this channel will highlight trends and best practices for the application development lifecycle as well as how to make sure your application maintain a steady level of service.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: SHIFT LEFT THEN SHIFT UP: Strengthening Your DevSecOps Posture
  • Live at: Jun 20 2019 3:00 pm
  • Presented by: Rani Osnat, VP of Product Marketing Aqua Security
  • From:
Your email has been sent.
or close