SIGS Special Interest Group
5th DevSecOps Forum
||Professionals who are interested in the topic of DevSecOps
From consultancies and resellers/integrators, only technical people (who are involved in this topic in their daily job) are allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.
||Earn 4 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
|Date of Event
||3rd December 2019
Further planned dates for 2020: 24th March, 23rd June and 12th November
Organization, presentations, beverages and apéro riche included
|1:00 – 1:30 pm
||Registration & Coffee
|1:30 – 2:15 pm
||Andreas Meister, Head Software Engineering/IT Security Architect at SBB AG
The SBB goes DevSecOps
The SBB has already taken a big step towards DevOps. But on the security side, there is still potential. We want to exploit this potential with well-established engineering principles combined with standardization and the possibilities offered by the new way of building and running applications. The goal is that security becomes an integral part of our software development cycle.
In this speech, you will hear how we promote change and how we are converting security from a blocking event to a continuous affair. You can learn how we automate and integrate security into our build pipeline. In our transformation, we take advantage of cloud technology, microservices, containers, and GitOps.
|2:15 – 2:45 pm
||Marcus Holthaus, Information and IT Security Architect at suva
Suva SAFe Security Organisation
(details will follow)
|2:45 – 3:30 pm
||Andreas Lambrecht, Solution Architect at Aqua Security
Why Cloud Native Security is different and how you can master these challenges
Containers require a new approach to security, as the traditional security infrastructure is not applicable to cloud native and serverless deployments. Rather, they must leverage the cloud-native principles of immutability, microservices and portability using machine-learned behavioral whitelisting, integrity controls and nano-segmentation.
|3:30 – 4:15 pm
|4:15 – 6:00 pm
||Workshop by Sven Vetsch
by Sven Vetsch, Head of Security Research at Redguard
As Head of Security Research at Redguard, Sven is responsible for keeping the company’s attack and defense capabilities state-of-the-art and for identifying and integrating new developments. Sven is leader of the OWASP Local Chapter in Switzerland and a founding member of DEFCON Switzerland.
Docker Container Hardening Workshop
Everyone is running containers nowadays. If you have a proper CI/CD pipeline setup, you might even check for outdated packages in your images and some more things that could be considered a security problem. But wait, back in the days when we had complete (virtual) machines, was it enough to just update our system packages to keep everything secure? No, of course not. We hardened our systems, and sometimes this task was nearly impossible if you still had to maintain the basic functionality of a server or application. Now when using containers, most of the hardening we see is just to not run processes as root (mainly because OpenShift won’t let us do so by default).
In this workshop I’ll introduce you to the dark arts of actual Docker container hardening. We’ll learn why containers finally allow us to implement real hardening measures and experience what is possible. After the workshop all of the attendees will leave with a good understanding of things like resource limitations, read-only root filesystems, capabilities, seccomp rules and overall attack surface limitation measures.
The workshop can be attended by up to 20 people (or even fewer depending on the room). A basic understanding of Docker and containers will be required prior to attending this workshop. Every attendee who wants to follow the workshop’s hands-on part will have to bring a machine with Docker installed that can run Linux containers (Docker for Mac/Windows will be fine).
|6:00 – open end
||Apéro Riche and Networking (so please reserve the evening as well!)
The speakers will be onsite for Q&A.
The Sponsors of this event are:
This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.
By registering for this event, you accept that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform. In addition, we also share the contacts with the community itself.