4:35pm–5:15pm Wednesday, 10/14/2015
Are you currently running an AppSec program? Nobody said it was going to be easy working on the inside of AppSec. AppSec programs fall into an odd middle ground: highly technical interactions with the Dev and Ops teams, yet a practical business focus is required as you go up the org chart.
2:00pm–2:30pm Monday, 10/12/2015
PCI is critical if you wish to process payments for customers. Sadly, compliance can be especially onerous to achieve while retaining agile, lean teams with DevOps mindsets. In this session we will examine how a small team was able to leverage AWS, automation, infrastructure as code, and SaaS platforms to achieve PCI compliance on time, on budget, and without discarding our DevOps culture.
11:20am–12:00pm Tuesday, 10/13/2015
This is a discussion of the ethical obligations in Internet Operations, where a binding code of ethics or even a definition of various professions has been missing. We will review the concept of a professionally defined code of ethics, and consider the impact software and infrastructure engineers have in a world where software and internet applications are increasingly dominating our lives.
1:15pm–1:55pm Tuesday, 10/13/2015
We are going to demonstrate how this system was developed to provide a stable platform during the Cyber Defense Exercise, where active defenders and very aggressive cyber attackers created an unpredictable and unstable environment.
2:10pm–2:50pm Wednesday, 10/14/2015
Security is as essential to the DevOps process as any other team involved; however, much of the time they're an afterthought. In my talk, I explain why it's more important than ever that they're included at the DevOps collaborative table, and show this by walking through the process of securing a popular configuration management tool, Chef Server.
3:40pm–4:20pm Wednesday, 10/14/2015
The challenge of maintaining a secure site is typically prioritized over creating a fast and optimal site, because of the focus on blocking malicious traffic at the origin. It is often forgotten that security is not only a concern at the origin, but also at the browser. And with that, there are new opportunities to safely secure the user experience while also optimizing the front-end experience.
4:25pm–4:55pm Monday, 10/12/2015
DevOps has arrived at large enterprises, but security often gets left in the dust. It is always challenging to embed security in the delivery pipeline for a large regulated enterprise like Capital One. In this session, we will review the tools, automation, collaboration between organizations, and feedback mechanisms that Capital One has implemented to enable secured continuous delivery.
2:30pm–3:00pm Monday, 10/12/2015
Today we write less code & consume more reusable open source, but it is open season on open source as more vulnerabilities are identified. Containers add to speed and efficiency, but with a cost to visibility at a time when we need it most. See how you can achieve continuous acceleration with a byproduct of higher quality and less risk by embracing supply chain principles with containerization.
11:20am–12:00pm Wednesday, 10/14/2015
Computers are hard, and security is even harder. Let's discuss the role of security in this new *aaS landscape. We'll talk about things to do when you have a dedicated InfoSec team, tools you can use when you don't, and how you can strengthen your security posture while maintaining your ability to move quickly and deliver value to your customers.