Virtual Summit
Now Available On-Demand



Integrating Security into DevOps

DevOps.com & Security Boulevard are excited to announce the launch of the first DevOps Connect: DevSecOps Days Virtual Summit on Tuesday, April 2nd, 2019. You’ll hear stories from DevSecOps practitioners, explaining how they made the cultural transformation from legacy development and deployment processes to integrated systems that include security as a part of the process, not as an overseer or bottleneck to secure application development.

Similar to the environment we created for the DevOps Experience and Predict 2019, DevSecOps Days will feature a virtual environment with a conference lobby, presentation theater, expo hall and more. More than a series of YouTube live presentations, it is truly a conference experience from the comfort of your desk.

Join John Willis, Chenxi Wang, Shannon Lietz, James Wickett, Alan Shimel and other industry luminaries for a deep dive into the world of DevSecOps. Register now to attend live on Tuesday, April 2nd. Registration is FREE, but space is limited. Reserve your spot now!

Alan Shimel and Mark Miller recap the day at DevOps Connect: DevSecOps Days
San Francisco, March 4, 2019


Speakers


Agenda

Join John Willis, Chenxi Wang, Shannon Lietz, James Wickett, and other industry luminaries for a deep dive into the world of DevSecOps. Register now to attend live on Tuesday, April 2nd, 10:00am ET. Registration is FREE, but space is limited. Reserve your spot now!


Can’t make the live event date? No worries! Register for the event, and we’ll send you the replay link after the event.

All sessions are scheduled in Eastern Standard Time (EST)

10:00 - 10:10am - Welcome and Introductions - Alan Shimel & Mark Miller

Welcome and Introductions

Alan Shimel, Editor-in-Chief and Founder, DevOps.com and Security Boulevard
Mark Miller, Sonatype, All Day DevOps

10:10 - 10:55am - Panel: The DevSecOps Handbook - John Willis, Shannon Lietz, Ernest Mueller, James Wickett

Panel: The DevSecOps Handbook

Shannon Lietz – Intuit
James Wickett – Signal Sciences
Ernest Mueller – AT&T Cybersecurity
Moderated by: John Willis – Botchagalupe Technologies
Join John Willis, Shannon Lietz, Ernest Mueller and James Wickett for a discussion on DevSecOps, where it has been, where it is going and what your role is in the future.

11:00 - 11:25am - When should enterprise DevSecOps be Cloud-Native? - Chenxi Wang

When should enterprise DevSecOps be Cloud-Native?

Presenter: Chenxi Wang – Rain Capital
Cloud native security solutions are designed and built on the Cloud, leveraging the native services of each public cloud or container platform. While some of these services bring significant value, they should be integrated with the enterprise delivery pipelines as well as the security tooling for scanning and control. This talk will discuss the security motivation for extending enterprise pipelines with external cloud-native tooling, creating hybrid DevSecOps pipelines. It will present the common misconceptions with respect to enterprise DevSecOps and will discuss in which cases extending it with Cloud-native is beneficial.

11:00 - 11:25am - DevSecOps Transformation at Scale - Larry Maccherone, Courtney Kissler

DevSecOps Transformation at Scale

Presenter: Larry Maccherone – Comcast
Hosted by: Courtney Kissler – Nike
Many security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. Similarly, security groups believe that policy enforcement is their biggest (only?) lever… “If we can just update the policies to be more (consumable/relevant/context aware/etc) and get developers to pay attention, then magic will happen.” But, policy enforcement rarely moves the needle and it creates a tense relationship between development and security that can do more harm than good.

More importantly, policy enforcement takes the place of development teams owning the security problem. The Lean, Agile, and DevOps movements have been successful precisely because they have empowered development teams to take ownership of QA, product management, operations, etc. in recognition of 100+ years of social psychology research proving that approaches with strong elements of intrinsic motivation (taking ownership) are far superior to extrinsic-only (policy enforcement) approaches.

So, how does a CISO or other security leader break away from independent gating and policy enforcement to adopt this new approach? You have to change the mindset of your own security team as well as client development teams. You have to make the right thing to do be the easy thing to do. You have to get executive sponsorship throughout the organization and get middle management on board. You have to build trust between Dev, Ops, and Sec. And a host of other things. Where do you start?

This talk is a step-by-step framework that will take you from wherever you are now and get you on the path of DevSecOps cultural transformation. It addresses the mindset shift concerns for all relevant audiences. It addresses the mechanics of getting started and tracking progress. It’s adaptable to any environment regardless of industry, technology, or maturity. Most importantly it’s been proven in a highly diverse environment at Comcast.

11:30 - 12:15pm - Panel: DevSecOps in the Healthcare Industry - DJ Schleen, Poornaprajna Udupi, Mark Miller

Panel: DevSecOps in the Healthcare Industry

DJ Schleen – Aetna/CVS
Poornaprajna Udupi – Lyra Health
Omar Khawaja – Highmark Health
Moderated by: Mark Miller – Sonatype, All Day DevOps
Listen in as a panel of Healthcare IT Professionals talk about the successes and epic failures of their efforts to transform IT for the Healthcare industry through their DevOps/DevSecOps initiatives.

Break
12:30 - 12:55pm - DevSecOps – Strategies on How to Get Buy-In and Get Started - Anne-Marie Zettlemoyer, Chris Roberts

DevSecOps – Strategies on How to Get Buy-In and Get Started

Presenter: Anne Marie Zettlemoyer – Mastercard
Hosted by: Chris Roberts – Attivo
As security professionals, we often lament the still-current reality that security is often an afterthought in the development process, hastily and reluctantly bolted on at the end. There is no shortage of angst and frustration on this topic. We pontificate, theorize, analyze, and preach until we are blue in the face on how to win the argument of “speed of delivery vs. delivery securely”, “write access vs. right access” and so on – how to “get them to do better” while the other side watches us with our flailing arms and wonders the same thing. How do we move from talking past each other and admiring the problem to truly actioning change? What does it take to actually get started on the DevSecOps journey? This talk will focus on simply that – how to get started. From understanding, quantifying, and translating the problem to be solved to gaining support and the resources to meet it, we’ll discuss how to get buy-in from the bottom and the top in order to make the start of the journey a viable and successful one.

12:30 - 12:55pm - Using Measurement and Reporting in Information Security to Drive Behavior Among Developers and Beyond - Omar Khawaja, Hasan Yasar

Using Measurement and Reporting in Information Security to Drive Behavior Among Developers and Beyond

Presenter: Omar Khawaja – Highmark Health
Hosted by: Hasan Yasar – CMU
One formidable information security challenge lies in driving people to behave in certain desired (secure!) ways. One key to accomplishing this is to measure and report the right data sets to the right audience. It depends on organizational risk, business needs, and collected data. Subsequently, how should the outcomes of measured data be shared with developers? It has to be timely, in a digestible format and aligned to the principles of DevSecOps. You may have a great development environment, process and perhaps a very talented team with tremendous data, but when the data does not resonate with your dev team, the desired behavior is unlikely. I will explain our early progress and plans at Highmark Health as we pursue our DevSecOps journey in earnest.

1:45 - 2:30pm - Panel: DevSecOps in the Finance Industry - Anne Marie Zettlemoyer, Chenxi Wang, Oleg Kryb, Caroline Wong

Panel: DevSecOps in the Finance Industry

Anne Marie Zettlemoyer – Mastercard
Alexandra Shulman-Peleg – Citi
Oleg Kryb – VISA
Moderated by: Caroline Wong – Cobalt.io
The finance industry has been the poster-child for disruption through DevOps/DevSecOps initiatives. Listen in as a panel of Finance Industry Professionals talk about the successes and epic failures of their efforts to transform IT for the Finance industry through their DevOps/DevSecOps initiatives.

2:30 - 2:55pm - DevSecOps in Low and No Code Environments - Navin Vembar, Derek Weeks

DevSecOps in Low and No Code Environments

Presenter: Navin Vembar – former GSA
Hosted by: Derek Weeks – Sonatype
When we talk about DevSecOps, we are often talking about custom code in fully built environments. But, as low- and no-code environments proliferate, we still want to follow the directions that DevOps takes us – frequent deliveries, automated testing, monitoring, and all of the other important factors that make for high-performing teams are still important. In this talk, we will talk about some of the challenges and successes in moving towards DevOps in environments that may mix low-code, no-code and custom code into one.

2:30 - 2:55pm - Security Data: GPS for Application Teams - Jodie Kautt, Jennifer Czaplewski, Caroline Wong

Security Data: GPS for Application Teams

Presenter: Jodie Kautt – Target
Presenter: Jennifer Czaplewski – Target
Hosted by: Caroline Wong – Cobalt.io

In this session, Jennifer and Jodie share how they have changed the internal culture in IT around security of applications. They have a system self-named as “Product Intelligence” where the team measures how closely an app lines up with the security requirements and gives the app a “credit score.” The process then offers very specific steps to take to improve the security of your app. Jodie and Jennifer will go over the results of implementing the process and discuss the next steps in the initiative.

Break
3:15 - 3:40pm - Defending Account Takeovers at Remitly: Throwing Out the Bad, But Not the Good - Kevin Hanaford, James Wickett

Defending Account Takeovers at Remitly: Throwing Out the Bad, But Not the Good

Presenter: Kevin Hanaford – Remit.ly
Hosted by: James Wickett – Signal Sciences
Many attack types can be easily stopped with specific tools and environment configurations, but Account Takeover attacks don’t follow conventional attack patterns – they look, act, and feel like legitimate users. Defending Account Takeover attacks can be extremely difficult without the right tooling, visibility into your environment, and intimate understanding of your users, but there are ways to make defending these attacks much easier.

3:45 - 4:30pm - Panel: Management and Leadership in DevSecOps - Courtney Kissler, Chenxi Wang, Larry Maccherone, James Wickett, Rich Mogull

Panel: Management and Leadership in DevSecOps

Courtney Kissler – Nike
Chenxi Wang – Rain Capital
Larry Maccherone – Comcast
James Wickett – Signal Sciences
Hosted by: Rich Mogull – DisruptOPS
As DevSecOps starts to become more prevalent in forward-thinking enterprises, what do management and leadership need to know in order to take advantage of this transformation?

4:35 - 5:00pm - Final Thoughts - Alan Shimel & Mark Miller

Final Thoughts
Alan Shimel, Editor-in-Chief and Founder, DevOps.com and Security Boulevard
Mark Miller, Sonatype, All Day DevOps


Free Registration

Register now to attend live on Tuesday April 2nd. Registration is FREE, but space is limited. Reserve your spot now!


Virtual Environment

DevOps Connect: DevSecOps Days will use a virtual environment platform that brings almost all of the experiences of a physical world conference to the ease and comfort of your desktop, laptop, tablet or even phone.


DevOps Connect: DevSecOps Days

MediaOps is the company behind technical communities such as DevOps.com, Container Journal, Security Boulevard and DevOps TV, as well as DevOps Experience and Predict 2019, and is now producing DevOps Connect: DevSecOps Days.

Our virtual events are based on the industry’s first truly immersive, virtual reality conference environment. More than a series of strung-together Google Hangouts, DevOps Connect: DevSecOps Days is a true virtual conference, replete with actual theaters to view the keynotes and presentations, a conference lobby to chat and socialize, and a real virtual expo floor with virtual exhibitor stands equipped with video, downloads and even schwag for you to take.

Our sessions feature leading names in the industry and are really aimed at practitioners, managers and those who are really involved or want to know what the experts, pundits and luminaries think will be the big DevSecOps trends and stories of the coming year.

In an age where it seems that there is another conference to go to every week, the beauty of DevOps Connect: DevSecOps Days is that you can attend from the comfort of your work desk, laptop or even your phone. No hotels, no airplanes, no travel – no traffic or parking garages. Log in – listen, learn, network, enjoy.