DevOps succeeded by fostering a culture of shared responsibility, and now security must be integrated to break down the final silo.
Proactively address security by defining abuse cases during requirements and classifying or anonymizing data during the design phase.
Shift security left by integrating automated vulnerability management for dependencies and continuous penetration testing into the CI/CD process.
Most network traffic occurs internally between services (east-west), bypassing perimeter firewalls and exposing a soft interior to application-level attacks.
Protect against internal threats by decoupling security from the network and applying logical firewalls directly to each workload through microsegmentation.
Implement a Zero Trust model by having developers define workload communication intentions as code, which automatically generates and enforces security policies.
Adopting a Zero Trust, workload-centric model provides benefits like increased agility, complete application-level visibility, automated compliance, and real-time forensics.
Developers must take ownership of security by adopting a paranoid mindset to build more resilient software in an increasingly dangerous cloud environment.
33:20Aarno Aukia
51:41Panel Discussion
45:19Reinhard Kugler
44:30Milecia McGregor
43:56Mauro Verderosa
37:32Martin Schmiedecker
1:41:05Mathias Tausig
58:19Michael Koppmann
.png?w=240&auto=compress,format)
Jobs that call for the skills explored in this talk.
NTT DATA Deutschland GmbH
NTT DATA Deutschland GmbH
cyberunity AG
RDT INGENIEROS
Akkodis Germany GmbH