SIGS Special Interest Group
6th DevSecOps Forum

Save the DateClick on the .ics file to save the date

Target Audience Professionals which are interested in the topic DevSecOps

From Consultancies and Resellers/ Integrators are only technical peoples (which are involved in this topic in their daily job) allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

Rules This platform is held under Chatham House Rules!
CPE Credits Earn 4.5 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location Schweizerische Mobiliar
Direktion Bern
Bundesgasse 35
Bern
Date of Event 24th June 2020
Further planned date for 2020: 20th October
Language English
Participation Costs CHF 55.–
Organization, presentations, beverages and apéro riche included

 
Agenda

 

1:00 – 1:30 pm Registration & Coffee
1:30 – 2:00 pm Nicolas Bizard, Solution Architect at Credit Suisse

Devops culture transformation at scale at Credit Suisse
The talk covers our DevOps-journey on a mission-critical application (4k+ user, 40+ developers/multiple locations). I will explain the cultural change, technical setup and best practices: How we shifted the culture of control & escalation to collaboration (incl. Biz) by fostering the team’s autonomy and engineering excellence. How we leveraged feedback loops across all stages (pipeline, monitoring, in-app-feedback, etc.) measured based on defined metrics. As a result we have increased the release cadence from 4/y to bi-weekly, easing the burden of release & roll-out through canary releases.

2:00 – 2:30 pm Jens Kober, IT Architect at ISCeco

The next level of Security in DevSecOps and related challenges
IT Operations of the Federal Dept WBF (ISCeco) has centralized Dev and Ops onto a standardized platform already increasing security of the systems and applications. By adding SAST and SCA (Software Component Analysis), security is taken to a completely new level. The coverage of the entire SDLC, its integration and automation as well as responsibilities and cost sharing are particularly challenging. This “new world” has multiple external and internal providers who develop and operate applications.

However, there is another aspect to consider. Who takes care of keeping all these components up to date? There is a bunch of people working on the project during development time. But once the application is running in production there is nobody taking care of the up-to-dateness of the components used in the application.

Therefore, in this heterogeneous environment new ways of thinking and executing are necessary. Some issues are being solved others remain to be discussed, in Government as well as in the private sector. Join our journey and participate in the discussion to a truly secure DevSecOps!

2:30 – 3:00 pm Thomas Hasler, IT Architect at dieMobiliar

Automated DevSecOps Governance @ dieMobiliar
Giving responsibility to Feature Teams is a good thing. On the other side there are governance requirements regarding the governance of security, traceability, auditability etc. of the software processes.

At the dieMobiliar we have build steps like Code Coverage, Licence Scanning or penetration testing into our CI / CD Pipeline. These things are run and measured in an automated way, instead of doing it manually.

This talk will show how we went about implementing DevSecOps and what we have learned on the way.

3:00 – 3:45 pm Break
3:45 – 4:30 Roundtable Discussions
3 different tables to discuss different topics. You can chose the one you like to attend and we will change the tables two times

–> Roundtable 1
moderated by Nicolas Bizard, Solution Architect at Credit Suisse

Follow Up “Devops culture transformatino at scale at Credit Suisse”
_______________________________________________________________________

–> Roundtable 2
moderated by Jens Kober, IT Architect at ISCeco

Follow Up “The next level of Security in DevSecOps and related challenges”
_______________________________________________________________________

–> Roundtable 3
moderated by Thomas Hasler, IT Architect at dieMobiliar

Follow Up “Automated DevSecOps Governance @dieMobiliar”

4:30 – 5:15 2nd turn – change to another table

5:15 – 6:00 3rd turn – change to another table

 


The Sponsorsof this event are:

Main Sponsor Co-Sponsor Host Sponsor

Registration

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!


With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.

Earn CPE Credits for
attending SIGS Events
 

Registration here!