Introducing a Security Feedback Loop

We’re all looking at ways to prevent vulnerabilities from escaping into our production environments. Why not require scans of your Docker images before they’re even uploaded to your production Docker registry? SHIFT LEFT!

When your engineers get information about security vulnerabilities earlier, they're more efficient with fixes!

Join Codefresh as we demonstrate setting up vulnerability and compliance thresholds in a CI pipeline. We will show you how to give your teams access to your Docker images’ security reports and trace back to your report from your production Kubernetes cluster using Codefresh.
Recorded Apr 25 2019 31 mins
Presented by
Dan Garfield, Chief Technology Evangelist, Codefresh.io

  • Agile Blind-spots: Angles to Keep at Sight for a True Agile Transformation Oct 24 2019 10:00 am UTC 45 mins
    Cristiane (Coca) Pitzer, Retail inMotion
    This Talk is based on real-life experience while leading Agile transformation in organisations.

    I will speak about what I have learned as well as some angles I almost missed, and that other Agile Coaches typically miss while identifying corporate problems.

    A practical session where I call out the blind spots and actual actions taken to course-correct.

    Presented by:
    Cristiane (Coca) Pitzer, Head of Agile & Agile Transformation, Retail inMotion
  • Kubernetes in the Cloud (Part 2) Jul 17 2019 5:00 pm UTC 75 mins
    Michelle Tidwell, Program Director, IBM; Tom Clark, Distinguished Engineer; Matt Levan, Storage Solutions Architect
    As enterprises move to a hybrid multi-cloud world, they are faced with many challenges. Deciding which technologies to use is one, but they are also seeing a transformation in traditional IT roles. Storage admins are asked to be more cloud savvy, while new cloud admin roles are emerging to handle the complexities of deploying simple and efficient clouds. Meanwhile, both these roles are asked to ensure a self-service environment is architected so that application developers can get the resources needed to develop cutting-edge apps not in weeks, days or hours, but in minutes.

    In part one of this three-part series, we covered the high-level aspects of Kubernetes. This presentation will discuss key capabilities IT vendors are creating based on open source technologies such as Docker and Kubernetes to build self-service infrastructure to support hybrid multi-cloud deployments. We’ll cover:

    • Persistent storage and how to specify it
    • Ensuring application portability between Private and Public Clouds
    • Building a self-service infrastructure (Helm, Operators)
    • Selecting Block, File, Object (Traditional Storage, SDS)
  • [Panel] Building Applications in the Cloud: Best Practices Jul 9 2019 3:00 pm UTC 60 mins
    Panel of experts
    With an increase in the number of applications being deployed on the Cloud, so too have questions about the issues presented by this recent technology adoption.

    Join this panel of experts as they discuss the importance of getting to grips with cloud infrastructure, load variance and cloud services, and learn the key best practices that will ensure your strategy is a success.
  • What Got Us Here Won’t Get Us There – A Story of Transformations Jun 24 2019 8:00 am UTC 60 mins
    Mirco Hering, Global DevOps Lead, Accenture
    As they say, nothing is more dangerous than using yesterday’s logic for today’s problems, yet we are still working in our organisations with mental models that are inspired by manufacturing. You can see artifacts of it even in the language we use: people are resources and they work in development factories. If we are surprised why our transformations are not progressing as fast as we hoped when Agile took the stage, then looking to these old mental models provides part of the answer.

    In this talk I will explain from practical experience in my work, how the old models still influence us every day and how we can break away from them and learn new models. I will give positive and negative examples from real projects to show that it is normal to experience failures and how to course correct from the lessons such failures teach us.

    I will also provide pragmatic steps that everyone can take in their own organisations that don’t rely on buying new tools or following specific methods. Charting your own course starts with understanding where the problem is and understanding where our mental models let us down is part of that journey.
  • Achieving Data Agility in a DevSecOps World Jun 20 2019 9:00 pm UTC 45 mins
    Sanjeev Sharma, VP and Global Practice Director for Data Modernization, Delphix
    As organizations mature on their DevOps adoption journey, adopting Continuous Integration and Continuous Delivery (CI/CD) automation, and breaking down organizational silos, application delivery and infrastructure provisioning speed is being accelerated. The next challenge now being exposed is the lack of agility in delivering Data into non-production environments.

    Development and Testing require the availability of relevant data in the production-like Dev and Test environments on demand, to ensure rapid testing and validation of each Build. Data is however difficult to provision and deliver on demand. This results in Data Friction being the impediment to true ‘flow’ through application delivery pipelines. Other than the inherent cost and time it takes to provision and store data instances, there is also the risk that exponentially increases as more and more instances of Data are provisioned in multiple non-production environments.

    As Dev-Test teams deliver faster and leverage more environments across parallel development streams, the number of non-production Data instances is typically several orders of magnitude higher than Production instances, increasing the exposed surface area. The ask hence is to be able to provision and deliver production-like Data instances, on-demand, as, when and where Dev-test practitioners need them in non-prod environments, while securing the Data at the same time.

    In this session Sanjeev Sharma, VP and Global Practice Director for Data Modernization will discuss practices large enterprises need to adopt, across Process, Technology and People in order to be able to Provision, Deploy, Manage, Govern, and Secure Data in Application Delivery Pipelines, addressing Data Friction and Data Security challenges that may be impeding DevSecOps adoption.
  • Six Levels of Energy to Consciously Take a Leap into Digital Transformation Jun 20 2019 5:00 pm UTC 60 mins
    Aditya Guthey, Speaker and Coach, www.whoweare.io
    Digital revolution has been happening at a fast pace. Things are constantly changing, and companies either play a catch-up game or lead the revolution. This webinar helps you consciously choose how to respond to the digital revolution.

    We will discuss the six levels of energy that help build consciousness around the decisions we make. Then we discuss how these six levels of energy apply to digital transformation. This helps companies know where they are and where they want to be with respect to the digital revolution so that they can consciously take action steps in moving closer towards the company's goals.

    About the speaker:
    Aditya Guthey is a performance coach who helps engineers perform at their peak. An engineer by craft, he offers keynotes, workshops, group, and individual coaching to help create high performing engineering teams.
  • SHIFT LEFT THEN SHIFT UP: Strengthening Your DevSecOps Posture Jun 20 2019 3:00 pm UTC 45 mins
    Rani Osnat, VP of Product Marketing Aqua Security
    The concept of “shift left” engages security earlier in the development cycle of cloud-native applications, accelerating development while reducing risk. However, migrating to cloud-native environments also requires the security team to “shift up”, focusing on the application layer to account for the shared-service model and “thin OS” environments that are prevalent in these environments.

    Attend this webinar to learn why Shifting Up provides improved security and cost efficiency in cloud-native environments, including:

    - Kubernetes orchestrated applications
    - Containers running on VMs
    - Serverless containers (e.g., AWS Fargate and Azure Container Instances)
    - Serverless functions (e.g., AWS Lambda and Azure Functions)
  • 10 Attributes of Elite DevSecOps Programs Jun 20 2019 1:00 pm UTC 45 mins
    Derek Weeks, VP at Sonatype and Co-Founder of All Day DevOps
    We've spent six years studying secure coding practices of DevOps and Continuous Delivery organizations by surveying over 15,000 IT professionals. We've analyzed their staffing practices, educational priorities, automation choices, and process improvements that improve their cybersecurity preparedness. Our study has also uncovered details of where automation fails, awareness falls short and breaches happen.

    Come participate in this session where we will share the 10 habits practiced by the DevSecOps Elite that you can then apply to -- or further mature within -- your own organization. We will also uncover what our analysis revealed about securing CI/CD pipelines, including what popular Jenkins plug-ins are used for security.

    Learning objective:
    We've spent six years studying secure coding practices of DevOps and Continuous Delivery organizations. Learn the 10 habits practiced by the DevSecOps Elite -- including their approaches to training, process, and automation -- that you can apply to your own organization.
  • [Panel] DevOps Adoption Challenges and How to Overcome Them Recorded: Jun 19 2019 59 mins
    Brad Schick, Skytap | Daniel Breston, Virtual Clarity | Jeremy Brown, Red Hat EMEA
    To win with DevOps, you need to be aware of potential issues and know how to overcome the challenges so that you can make the most of its benefits.

    With the incredible growth of DevOps in a short space of time comes numerous questions about how best to adopt it. From insights and driving factors of adoption - to dealing with legacy systems and incorporating robust security features - join our panel of experts to hear advice and learnings from those at the forefront of DevOps adoption.

    Brad Schick, CTO, Skytap
    Jeremy Brown, Director, Red Hat Open Innovation Labs - EMEA, Red Hat
    Daniel Breston, Technology Leadership Transformation Coach, Virtual Clarity
  • Integrating AppSec into Developer Tools and Processes Recorded: Jun 19 2019 51 mins
    Tim Jarrett, Product Management at Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    • Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    • Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    • How to proactively approach open source code your developers are using.
  • Digital? Transformation? Oh, you mean shiny new tech! ...Err, no, I don't! Recorded: Jun 19 2019 44 mins
    Daniel Breston, Technology Leadership Transformation Coach, Virtual Clarity
    Sounds easy this Digital Transformation thing. Everyone apparently is doing it. Save a bunch of money. Makes customers happy. Our organisation looks good in the press or on the stock market. Hey – we don’t even have to do it as we can outsource everything to someone else! Nirvana!

    Really? I mean REALLY? What percentage of these initiatives do not meet their expectations? What percentage of these initiatives instead make customers unhappy, or cause staff to leave or cost you money because you did not consider what these 2 words REALLY mean?

    Let’s discuss what Digital Transformation can mean to you in what I hope is an interactive session on language, leadership expectations, metrics, basic tools you need, challenges, outcomes and the impact on your people. This is not a technical session. This is a discussion for leaders at any level on how to best engage the new industrial movement of our time best known as Digital Transformation.

    About the speaker:
    Daniel Breston was a technology leader at some level for over 3 decades for large financial services organisations in the USA and UK. Now at Virtual Clarity, Daniel coaches leaders that want to benefit from or lead technology teams to help organisations do better things faster and safer. You can also find Daniel speaking at ITSM, DevOps or local conferences or join him in discussion blogs.
  • Securing the Sugar out of Azure DevOps Pipeline Recorded: Jun 19 2019 43 mins
    Colin Domoney DevSecOps Consultant at Veracode
    This webinar will provide a comprehensive look at the security features of the Azure DevOps CI/CD platform. The topics include built-in security features such as user access controls and branch policies, and an overview of best practice for the incorporation of various 3rd party security tooling such as Veracode Greenlight within your pipeline.

    Other topics include best practices for pipeline telemetry, reporting, pipeline protection and templates for security best practices. Whether you are a software developer using Azure DevOps, a security manager or a DevOps expert this webinar should further enhance your expertise in secure software delivery with Azure DevOps.

    Register for this live webinar where Colin Domoney - DevSecOps Consultant at Veracode - will leave you with a clear understanding of how to Secure your DevOps Pipeline.
  • If Developers Own Security Testing in DevOps - What is Security's Role? Recorded: Jun 19 2019 42 mins
    Chris Wysopal, CTO at Veracode
    Application security is “shifting left.” As the responsibility for ensuring the stability and security of software shifts to developers, what does this mean for security professionals? What does their job look like if developers are responsible for security testing?

    • What the security professional’s role and responsibilities look like in a DevSecOps shop
    • The DevSecOps cultural changes that will affect security
    • The attributes that security tools will need in this new landscape
    • Best practices for security professionals looking to not only survive, but thrive, in a DevSecOps world
  • The State of DevSecOps - Featuring Amy DeMartine of Forrester Research Recorded: Jun 19 2019 56 mins
    Chris Eng, Veracode Vice President of Research and guest, Forrester Research Principal Analyst Amy DeMartine
    In our recent State of Software Security Volume 9 report, Veracode’s examination of fix rates across 2 trillion lines of code shows that the number of vulnerable applications remains staggeringly high. More than 85 percent of all applications contain at least one vulnerability following the first scan, and more than 13 percent of applications contain at least one very high severity flaw.

    One thing is certain: the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.

    There are just too many vulnerabilities for organizations to tackle all at once, which means it requires smart prioritization to close the riskiest vulnerabilities first. For the first time, our report shows a very strong correlation between high rates of security scanning and lower long-term application risks, which we believe presents a significant piece of evidence for the efficacy of DevSecOps. In fact, the most active DevSecOps programs fix flaws more than 11.5 times faster than the typical organization, due to ongoing security checks during continuous delivery of software builds, largely the result of increased code scanning.

    Join guest presenter Amy DeMartine, Principal Analyst, Forrester Research Inc., and Veracode’s Chris Eng as they deliver valuable takeaways for business leaders, security practitioners and development teams seeking to secure their applications. Listeners will learn potential prioritizations and software development methods that could help their organizations reduce risk more quickly.
  • Panel: How Your Company Can Move From Understanding DevSecOps to Implementing It Recorded: Jun 18 2019 49 mins
    Chris Wysopal, Veracode | Paul Keim, Cox Communications | Pejman Pourmousa, Veracode
    All our preceding sessions have described the key elements of a shift to DevSecOps. Now get practical tips, best practices and next steps on migrating to DevSecOps from our panel of experts. During this session, we will continue the conversation in an open discussion format and break for audience Q&A.

    Bring your questions and get ready to contribute your thoughts and ideas during this “ask the experts” session.

    Chris Wysopal - Chief Technology Officer - Veracode
    Paul Keim - Senior Security Architect - Cox Communications
    Pejman Pourmousa - Vice President, Services - Veracode
  • Integrating App Security Policies into a DevOps World Recorded: Jun 18 2019 39 mins
    Pejman Pourmousa, VP, Services at Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    • Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    • Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    • How to proactively approach open source code your developers are using.
  • Improving DevOps Collaboration and Capturing Capex Value Recorded: Jun 18 2019 60 mins
    Chris Bland, CEO, BDQ
    We will talk about some of the lessons learned with our customers, and techniques that can be used with Atlassian products and Apps, to improve DevOps collaboration. We discuss a recent implementation using Tempo Timesheets, whereby a large customer needed to record the time of engineers as painlessly as possible, in order to accurately capture their capital expenditure.

    We will then describe how silos can be broken down using the Atlassian products, from requirements, through to testing, and ultimately customer service, using Confluence, Jira Software, Zephyr for Jira, and Jira Service Desk.

    We will also show how a product like Sonatype/Nexus can be added into the CI/CD pipeline, reducing exposure to vulnerabilities from open source libraries, whilst still allowing developers to work at the same speed.

    Using tools effectively will help underpin DevOps collaboration. DevOps is all about culture – but using tools provides a framework for change.

    Chris’s company, BDQ, is an Atlassian Solution Partner. Chris has been in the software industry for over 20 years, and understands the full lifecycle of the software business, working from initial concept to delivered product. BDQ delivers consultancy, training, and integration to a range of customers, such as Clarks, Ocado, Direct Line, Legal and General, BetWay and Compare the Market.
  • DevSecOps Beyond the Myths: Cutting Through the Hype and Doubt to Get Results Recorded: Jun 18 2019 34 mins
    Sam King, CEO at Veracode
    DevSecOps is moving beyond the buzzword stage and into the real world. But there are obstacles standing in the way of widespread adoption. Perhaps the biggest obstacle is a lack of understanding about what DevSecOps is, which can discourage IT leaders, developers, and security teams who fear that it is a bridge too far to cross from DevOps, let alone Waterfall and Agile methodologies. Despite these myths and doubts, DevSecOps is producing real results in organizations that embrace it. For example, Veracode’s analysis of thousands of application scans found that applications scanned for security flaws early in the development process had a 48% higher fix rate (reduction in flaws) than other applications.

    In this keynote address, Veracode General Manager Sam King will introduce the concepts of DevSecOps that will form the basis of this virtual summit. Sam will discuss:

    - A simple definition of what DevSecOps is, beyond the hype and the myths, and why it holds promise for bringing together the assurances of AppSec with the speed and agility of DevOps

    - Why the evidence says that DevSecOps is attainable in the real world – how Veracode scanning data shows that there is a genuine shift to DevOps and DevSecOps happening, one step at a time.

    - Overview of the challenges that stand in the way – cultural, process, and technological – and how best practices can break down barriers to change.

    - Welcome to speakers and setting the stage for what you should expect and come away with from the event.
  • DevOps for Your Cloud Project - What’s Behind the Success of Cloud Adoption? Recorded: Jun 18 2019 19 mins
    Alberta Bosco, Sr. Product Marketing Manager at Puppet
    The shift to the cloud is about breaking down traditional barriers and opening new lines of communication and collaboration to solve problems. If you have already implemented DevOps practices in your organisation you will find it much easier to transition to the cloud.

    Why? Because cloud transformation requires significant collaboration between different teams. Because cloud adoption is complex, a diverse, cross-functional team with experience and perspectives from around the company can help create a collaborative environment that enables success.

    In this talk you will learn:

    How to manage the cultural shift required for a successful cloud project;

    How to build cross-teams, establish processes, adopt new tools and define KPIs;

    How to identify areas for improvement, increase agility and efficiency.
  • A Process for Running Robust and Empowered DevOps at Scale Recorded: Jun 18 2019 36 mins
    Mark Debney, DevOps Director at 6point6
    The first step in DevOps implementation at scale involves building a solid foundation of tooling, automation, architecture and testing to provide a standardised level of consistency for development teams to build upon. But where to from here?

    How do we move from dedicated DevOps engineering teams to a robust DevOps capability ingrained within multi-disciplinary teams?

    What steps can we put in place to ensure DevOps works effectively at scale?

    When we acknowledge that scaling DevOps is really about strengthening DevOps capabilities within development teams, we can identify which capabilities are core to our delivery process, how we can strengthen and share these effectively across the wider development practice and which capabilities, if any, are better suited to sit outside of a development team when running at scale.

    Join the 6point6 DevOps Director, Mark Debney, as he sets out the process for running robust and empowered DevOps at scale.

    About the speaker:
    Mark Debney, DevOps Director at 6point6

    Mark is an IT infrastructure specialist with over 20 years’ experience in technology and computer systems. His expertise lies in systems architecture and he has built a number of large-scale high transactional platforms using agile and DevOps methodologies.

    Mark is the Director for DevOps at 6point6, a leading technology consultancy, and helps to shape their DevOps offering with a focus on deploying DevOps at scale for Enterprise solutions.

    Prior to joining 6point6 Mark spent eight years at BSkyB where he was a Principal Engineer and led the Platform as a Service team, assessing emerging technologies and implementing solutions across the wider DevOps group. Before BSkyB Mark held System Administrator roles at The Prytania Group, Reading Room, AM International and was an Electronics Technician in the Royal New Zealand Navy.
Trends and insights for developing apps and maintaining service
The webcasts in this channel will highlight trends and best practices for the application development lifecycle as well as how to make sure your applications maintain a steady level of service.

  • Title: Introducing a Security Feedback Loop
  • Live at: Apr 25 2019 7:00 pm
  • Presented by: Dan Garfield, Chief Technology Evangelist, Codefresh.io