2020 DevSecOps Days
DevOps.com & Security Boulevard are excited to announce the return of DevOps Connect: DevSecOps Days Virtual Summit on Thursday, March 26 at 10 am EST. We will present a virtual replay of everything that happened at DevOps Connect: DevSecOps Days 2020 at RSA Conference this year – and more.
Register and join DevSecOps leaders for an all-day event featuring speaking sessions and panels around the topics of digital transformation and disruption. Hear the stories from experts and practitioners on how they handle the transformation to DevSecOps within their company, the types of surfacing problems which impeded their progress and how they get buy-in from all levels of the company.
Just like a real conference – but without the hassle of tickets and crowds – our virtual event features a convenient lobby and a lineup of booths full of downloadable resources. In the auditorium, you will access the sessions by Bryson Koehler and Jamil Farshchi, CTO and CISO of Equifax, Dr. Amit Elazari, Director of Global Cybersecurity Policy at Intel, Larry Macherrone, Director of DevSecOps Transformation at Comcast, and other industry forward-thinkers to get an exclusive look into DevSecOps initiatives at large enterprises and organizations across industries. Register now to save your virtual spot!
Keynote: Security Starts with the CTO and the CISO; The power of Alignment in a Security 1st Culture
Bryson Koehler, Equifax CTO and Jamil Farshchi discusses the road ahead in data security and how Equifax is changing the way they fortify the systems that failed last year and keep pushing to stay ahead of the technology curve.
Principles of DevOps Leadership
Join Ross Clanton as he shares the lessons learned while leading multiple technology transformation and innovation initiatives across Verizon and Target. His passion for DevOps stems not only from the fact that it improves business outcomes, but that it can also improve engagement and overall happiness of people working in technology.
Panel: Transformational Leadership
This panel discusses transformational leadership, including challenges that need to be overcome and techniques for leading DevSecOps transformation. You will hear how all of the panelists have approached this topic in each of their respective companies.
Visit the booths and meet the experts
Leading with the Transformational Power of Trust
The goal of a DevSecOps initiative is to get development teams to make certain mindset shifts and adopt security practices, which simply cannot be done without healthy collaboration and mutual trust. There's the rub. There is typically a lack of trust between the security group and dev teams.
This talk introduces an "algorithm" you can use it to build this trust.
Trust me, we’re doing DevSecOps
Many of the Dev*Ops talks revolve around tools and culture. There are some good, fascinating talks all shouting: “All for the great (business) good!” Yet, they rarely address topics at the interpersonal, relationship level. Pipelines and automation increases our confidence in the process, but does it increase our trust in people? Are we really asking the right questions when we adopt a new tool or do yet another company transformation?
• We start the talk by looking into different models of trust (the currency of trust, faith vs trust, trust vs beliefs...)
• Translate them to day-to-day activities in organisations (reviewing a pull request, security audits, the backlog graveyard, full stack development...)
• How trends like DevOps and DevSecOps relate to trust and confidence (autonomous teams, you build it you run it, hiring for remote...)
• As an extra bonus we will hold a mirror to ourselves while exploring how we trust tools (how we pick an OSS library, select a SaaS solution, the Ikea Effect, chaos engineering...)
• Finally we validate how we can make ourselves more trustworthy (borrowing from Promise Theory)
I have no psychology degree, but given my grey hair and lots of stories from the trenches, I hope you can trust me enough to give you an entertaining and thoughtful talk.
From Silos to Communities - TD Bank DevSecOps Transformation
For mature companies, like North American financial institutions, a stable app that is functional 24/7/365 has become the KillerApp, because this is how we measure Trust that our customers have in us in the digital world. This means that we have to make Resiliency a top priority.
The good news is that, nowadays, everyone is bought into resiliency and is willing to invest in it. We in TD Bank have been busy implementing our resiliency framework. Specifically, we have been focusing on changing how much risk we are taking with each release by adopting Agile and making smaller, more frequent releases. To do that, we needed to shift-left automation and work closely with our risk and control partners to establish trust and acceptance. We also had to implement many strategies to mitigate risk in production.
Of course, the hardest part has been changing the mindset. We have worked on improving collaboration between our teams – business, development, security, etc. As a result, we have successfully broken many silos and instead created communities that collaborate and are aligned to the needs of our customers. This has made our people more resilient and has been essential to making our platforms more resilient.
Security Policy and Regulation Trends for Developers
Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Data Protection, Internet of Things, Coordinated Vulnerability Disclosure (CVD) and more are among the most active and developing areas of security regulation around the world. This evolving landscape also serves as an opportunity for innovation, collaboration and harmonization. This talk introduces the audience to the variety and influx of legal and regulatory concepts and proposals shaping the future of security focusing on recent trends. Highlights will include coordinated vulnerability disclosure, researchers’ collaboration, IoT Security, anti-hacking laws, standards efforts and more. We will also talk about bug bounties and vulnerability disclosure, what are some of the industry's best practices in this area, and how to implement these programs at your organization to foster security, collaboration and transparency.
DevSecOps: It takes DevOps and Security
As organizations seek the business benefits of DevSecOps, both “sides” – DevOps and Security – have a role to play in bridging the divide. StackRox VP Michelle McLean and Alan Shimel discuss the challenges, why it’s hard to change, and what teams can do differently. Learn about:
- DevOps’ need to think of security as more than vulnerability scanning
- The importance of DevOps embracing input from Security
- The very real challenge of “shadow Kubernetes” that Security must address
- How Security teams can define realistic priorities for securing cloud-native tech
Tune into this session to learn what steps you can take to enable DevSecOps in your organization.
The Disruption Mindset
Many companies make “disruption” their goal. They believe if they just develop the right innovation, they will disrupt their markets forever and drive the kind of growth worthy of a magazine cover story. But that’s not how disruption works. Disruption doesn’t create growth; growth creates disruption. While growth is always hard, disruptive growth is exponentially harder. It requires companies to make tough decisions in the face of daunting uncertainties. Disruption demands bold leadership and, often, massive cultural transformation. This session consists of two parts: A keynote presentation by bestselling author Charlene Li followed by a panel discussing the ideas and how they are applied in organizations Takeaway value are practical ways that you can lead a disruption and create exponential change in your organization.
DevSecOps Best Practices with JFrog Xray
In this session you will learn how to leverage JFrog Xray to achieve radical transparency of the binary components in your data center. Understand the impact of these components on production system quality, performance, and architectural changes. We will also cover security topics such as circle of trust, security between locations, security replication, access tokens, and auditing.
Panel: DevSecOps and Disruption
Disruption and DevSecOps seem to go together like a well paired wine and cheese, both are needed in our industry, both are at a point where they’ve spend long enough in the cellar and need to come into the light. As an industry we’re not rowing in the same direction and the collaborative efforts being exerted by the DevSecOps moment is making headway by challenging the silos that have built up. The panel is stacked with a crew of individuals whom are well known in the industry for not shying away from issues, and are advocates for tackling communication, collaboration and cooperation challenges head on. We’ll have a good conversation around the why’s and wherefores of integrating DevSecOps and how it needs to be the cornerstone of a collaborative future within the enterprise.
Panel: Epic Failures in DevSecOps
We learn as much, if not more, from hearing stories of failure as we do from success stories. In this session, the authors of Epic Failures in DevSecOps talk about the genesis of their failure stories, and the experience they gained from working through a major fiasco. Panelists included Sladjana Javonovic and Bill McArthur from TD Bank, Chris Riley from Splunk, Jasmine James from Delta Airlines and Ryan Lockard from Contino.
Reserve your spot now! Can’t make the live date? No worries! Register now, and we’ll send you the replay link after the event. Please complete your registration below. Already registered? Log in here.