EVENT

OWASP New Zealand Day 2022

Minimum Viable Security for Microservices

Our talk - Minimum Viable Security for Microservices>>

Track Two - Thursday, 16:05

Abstract

The migration of software from monoliths to microservices is long behind us, however managing microservices operations at scale comes with a layer of complexity, particularly with aspects of security that still have a learning curve. But what if all of this could be simplified and automated pretty easily?

Description

If we think about our production Kubernetes and microservices operations, in the same way we think about how we design and build our products, we could build and automate minimum viable security plans that we could easily bake into our config files and CI/CD processes. Once we build this foundational framework of security, it will always be possible to iterate and evolve our security framework, for advanced layers of security that often comes with time, increased experience, and greater maturity around security.

In this talk, we will present what MVS looks like for Kubernetes operations, how to build a cluster secured by design, continuously monitoring networking, container internals and primitives, and access management with a least privilege principle mindset. In this session we will demonstrate this through code, and even how this can work seamlessly with other CNCF ecosystem projects - from Helm to OPA, ArgoCD, Notary, as well at the most common DevOps stacks - Terraform, to AWS, Github Actions and more.

Speaker Biography

David Melamed is co-founder, and currently CTO, of Jit, the Continuous Security platform for Developers. David has a Ph.D. in Bioinformatics and over the past 20 years has been a full-stack developer, CTO and technical evangelist, mostly in the cloud, and specifically in cloud security. He has worked for leading organizations such as MyHeritage, CloudLock (acquired by Cisco), and led the 'advanced development team' for the CTO of Cisco's cloud security (a $500M ARR BU).

Auckland, New Zealand
July 7, 2022
-
July 8, 2022
Booth#
Clock- time
Register

Meet the Team:

David Melamed
Co-founder and CTO
No items found.

Agenda

10:00 AM - 11:00PM
This is some text inside of a div block.
This is some text inside of a div block.
Solution Engineer

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

October 11, 2024; 1:30 AM-2:00 AM ET
Changing the Mindset: Security is QUALITY
David Melamed
Co-founder and CTO

Let's face it - now that we're a few years past the whole "shift left" trend, we can honestly say it has largely failed when considering security debt. Instead of solving issues earlier in the cycle, which was at the premise of the “shift left” promise, we mostly shifted the problem left. To date, security has largely been a source of friction between development and security teams––and fostering a proactive security culture among developers is still the holy grail a lot of companies are dreaming about without really managing to reach it. That's because this mindset needs a hard reset. We need to look at security completely differently. Security should not and cannot be decoupled from product quality - notably because developers are measured on code quality and velocity and not on how secure their code is. In the same way that our product's usability is a first-order engineering concern, security should be regarded in the exact same way. In this talk, I'll share some lessons learned and the way to bridge the gap between security and engineering, by changing the way it is viewed and implemented in current processes.

All Day DevOps

12:00 IST
Gilad Barzilay
VP of Business Development & Alliances

How to leverage AWS Marketplace

Aviram Shmueli
Co-Founder, Chief Research and Innovation Officer

AWS re:Invent

10:00 AM - 11:00AM
How to secure your cloud and code?
David Melamed
Co-founder and CTO

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna

Exploring The False Dichotomy Between Dev Velocity and Product Security
11:00 AM - 12:00AM
What Jit can do?
Avi Douglen
Founder and CEO at Bounce Security and Global Board of Directors at OWASP

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna