SIGS Special Interest Group
4th DevSecOps Forum

Save the DateClick on the .ics file to save the date

Target Audience Professionals which are interested in the topic DevSecOps

From Consultancies and Resellers/ Integrators are only technical peoples (which are involved in this topic in their daily job) allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location (tbd)

Date of Event 25th June 2019
Further planned date for 2019: 10th of October and 3rd of December 2019
Language English
Participation Costs CHF 55.–
Organization, presentations, beverages and apéro riche included

 
Agenda

 

1:30 – 2:00 pm Registration & Coffee
2:00 – 2:00 pm Welcome from the moderator
2:00 – 2:30 pm Florian Scharf, Senior Security Officer at SIX Group

SSDLC and security by design – how to enable developers to manage security up-front
“Security by Design” and “Privacy by Default” – buzz words which everyone is familiar with or at least has heard of.

During this session Florian Scharf will provide you with an overview on how SIX is approaching the challenge of meeting the requirements from legal, regulators as well as those stemming from internal security policies, up-front and during the process life cycle. You will not only learn about how security can be made part of the development life cycle but also, how you can initiate the cultural mindset towards security and cyber threats.

2:30 – 3:00 pm (tbd)

.
.

3:00 – 3:30 pm Peter Bittner, Agile CTO, Continuous Delivery Coach, DevOps Engineer at VSHN AG

Prepare for tomorrow with clean code and prevention of vendor lock-ins
You should always be prepared for tomorrow and be able to adapt to change. Clean code is one big part and the other part is to avoid vendor lock-ins. Switching a technology is hard, switching a platform is harder! Simply follow a set of principles and techniques to ensure your freedom and agility.

3:30 – 4:15 pm Break
4:15 – 6:00 pm Workshop I
by Peter Bittner, Agile CTO, Continuous Delivery Coach, DevOps Engineer at VSHN AG

Deployment of a Django demo application on APPUiO
Learn how to deploy a Django demo application on APPUiO. Live demo and try it yourself. See the concepts in practice that we learned in the talk.

4:15 – 6:30 pm Workshop II
by Janosch Maier, Co-Founder at Crashtest Security GmbH
Janosch Maier holds a computer science master degree and a pedagogy bachelor degree. He worked in several start-ups and developed a cyber security dashboard for the Dutch ministry of justice. After his studies, he founded the Crashtest Security GmbH where he develops a vulnerability scanner for web application. Because of his interdisciplinary background he is responsible for increasing the awareness about web application security. Janosch is giving regular talks and workshops to promote IT security in agile software development for SMEs and corporates.

How to build a secure DevOps Pipeline
Nowadays, where release cycles are as short as weeks or days, deep application penetration tests have become difficult to conduct. By creating DevSecOps pipeline this workshop will show, how to integrate security into the DevOps lifecycle properly. The pipeline will contain a dependency checker, a docker container check and a dynamic vulnerability scanner.

Nowadays, where release cycles are as short as weeks or days, deep application penetration tests have become difficult to conduct. By creating DevSecOps pipeline this workshop will show, how to integrate security into the DevOps lifecycle properly. The pipeline will contain a dependency checker, a docker container check and a dynamic vulnerability scanner.

In this session you will learn how to

  • Define components of a secure DevOps lifecycle
  • Create a secure build pipeline using google cloud build
  • Integrate a python dependency checker into your build pipeline
  • Use the google container check engine for your docker containers
  • Start a dynamic vulnerability scanner from your build pipeline

6:00 – open end Apéro Riche and Networking (therefore reserve as well the evening!)
The speakers will be onsite for Q&A.

 


The Sponsors of this event are:

Host Sponsor Co-Sponsor

Registration

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!


With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.

Earn CPE Credits for
attending SIGS Events
 

Registration here!