How to fit Sec into DevOps without Security team

DevOps team becomes a crucial element for the software development business and practices over all companies. If you can’t save time and unnecessary resource spending by leveraging automation in development cycle, you definitely loose time-to-market race with your competitor. When the entire workflow and DevOps tools are working at full capacity, it comes… Security… that makes struggle and slows down sometimes, doesn’t it? However, the presence of a centralized dedicated Security team, and even with specific knowledge (and bandwidth) about Secure Development Lifecyle (SDL) and DevSecOps, could be an unacceptable luxury for some medium or small companies. On the other hand, it could be hard for DevOps engineers to learn all that vulnerability handling specifics, Security tools and process features to establish the baseline: deliver the most robust and secure products as we can. Based on my and industry-leading experience I will explain how DevOps team can implement cheap and useful tools and automation practices to address 80% Security concerns related to development pipeline.
Key points:

  • Where vulnerabilities come from, in plain “development” English.
  • From which point Sec starts within DevOps.
  • Sec tools inside and beyond regular DevOps toolkits.
  • Sec difficulties in DevOps: how to avoid pitfalls.
  • DevOps success stories and business wins, thanks to Sec.

Target audience: non-security folks – DevOps engineers, Developers, QA engineers.

Speaker

  • Roman Zhukov
    Roman Zhukov
    Intel

    Roman is a practicing cybersecurity expert (10+ years). Security Development Lifecycle (SDL): launching and implementation, brought to market products and services, Managed complex security projects, Advised customers: cyber security strategy, business development and value of products. Current role: managing Product Security programs at Intel, recognized as a blue belt in Security.

Date

Jul 20 2022

Time

15:15 - 16:00

Location

Room Barcelona II