In the past two years a new community has begun to rear its head, the DevSecOps Community. This year’s DevOps Connect seminar at RSAC 2017 APJ will concentrate on how companies are beginning to incorporate security into the DevOps automated pipeline, what that can mean for your business and what the transformation process will look like. Practitioners working through the DevSecOps journey will present their stories, giving real world examples of what you can expect, obstacles they’ve overcome both technologically and culturally, and what they anticipate will be the outcome of their initiatives.
Headlining the day’s speakers is John Willis, co-author of The DevOps Handbook, who will also be signing and giving out free copies of the handbook which contains case studies on over 40 DevOps transformations.
After a full day of presentations, join us for a cocktail reception, DevOps Wine-ing (not Whining), as we co-mingle the DevOps and Security Tribes as part of the dynamic DevSecOps community.
9:00 AM – 10.00 AM - Breaking Bad Equilibrium
What does ‘Bad Equilibrium’ look like? Borrowing concepts from economic dislocation, cognitive psychology and game theory to help us recognize systemic organizational issues, this session will explore how to capitalize on these dislocation gaps to create competitive organizational performance. Examples from Michael Lewis’ Moneyball will be used to show how a famous ‘Bad Equilibrium’ changed baseball forever.
10:00 AM – 10:35 AM - A Tale of Three Horses
Vantage Point Security
Application Security Programs, Agile Security, DevSecOps, Red Teaming
We all envy unicorns like Amazon, Netflix and Google. They have it all figured out and are light years ahead of the rest of the pack. This talk will explore security challenges organizations encounter as part of their digital transformation journey and shows that DevOps is a perfect opportunity to embed security, using actual experiences of three organizations in Asia to illustrate the key points.
10:50 AM – 11:25 AM - Teddy Bears and Security Blankets: Working with Ambiguity
Dialogue Mapper, Cloud Technologist, Decision Making, Wicked/Complex Problems
Teddy bears and fetishes: could they explain why the IT security industry sometimes holds on tightly to manual, antiquated practices? This talk will examine the powerful, yet hidden force of ambiguity and how intolerance of it drives self-defeating behaviors in the security industry and the DevOps movement, yet how harnessing it helps DevOps and security practitioners work together to put the Sec into DevSecOps.
11:25 AM – 12:00 PM - DevOps: A How-To for Agility with Security
Murray Goldschmidt and Michael McKinnon
Sense of Security
COO and Director, Commercial Services
This presentation will cover advanced techniques on security automation across the service delivery lifecycle including static and dynamic code analysis to infrastructure and platform vulnerability management. The model addresses cybersecurity threats across various attack vectors including hacking, insider threats and denial of service.