Name
PC4. Practical Dev(Sec)Ops
Track
PreConference
Date
Tuesday, May 8, 2018
Time
8:00 AM - 4:00 PM
Description

Session Description: 

This course provides a pragmatic foundation for understanding the DevOps movement, how security fits with it, and how to make the jump to DevSecOps, integrating security programs into a DevOps initiative, as well as learning how to apply DevOps principles and practices to security programs.

Lesson 1: A Brief DevOps Primer

A general introduction to the DevOps movement, how it started, what it means, why it's important, related initiatives, and key attributes.

Lesson 2: Applied DevOps

A detailed look at DevOps in action, with an emphasis on the practical and pragmatic. Discussion of how DevOps initiatives can be started, what sort of planning and strategic elements should be considered, and key security challenges.

Lesson 3: Applied DevSecOps

Discussion will pivot to addressing security challenges within a DevOps program, including how to best leverage DevOps to improve the security program itself. A wide range of topics will be covered, including application security and secure coding, audit and compliance, vulnerability and patch management, security as code, data analytics and reporting, and unique challenges and opportunities pertaining to logging, monitoring, detection, and response.

 

Speakers
DJ Schleen - Sonatype
Speaker Bio(s)
DJ is a DevSecOps Evangelist and Security Architect at a large healthcare organization, where he provides DevSecOps thought leadership throughout their journey of cultural revolution, digital transformation and containerization. He specializes in automating security controls in DevOps environments and is a hacker by training – doing significant R&D work in Moving Target Defense, Mobile Security, Ethical Hacking, and Penetration Testing. As an expert in Application Lifecycle Management (ALM) and ITIL, DJ has worked to streamline development pipelines for many Fortune 100 organizations by focusing on people and process. He is an active speaker, blogger, and author in the growing DevSecOps community where he encourages organizations to deeply integrate a culture of Security into everything they produce.