Global AppSec Amsterdam

The rising popularity of agile and DevOps forced the AppSec world to start interacting with development teams. Quite often this is done with a bolt-on approach, resulting in activities that teams need to start doing on top of their existing way of working. Since many security(-like) processes were never designed for a high-velocity environment this leads to ineffective and time-consuming processes. It is time to rethink and redesign these processes and make them add value!
This training is based on my presentation “Taming rainbow shitting unicorn” and will be interactive with group exercises for better understanding of the topics.
In this training, we’ll take a look at a couple of examples and explore how we could make them more efficient and effective. Topics that for example will be covered are:
- Agile and DevOps basics
- The role of automation in development, deployment, and operations
- Agile threat modeling
- Patch management in DevOps environments
- Incident handling feedback loops
- Cloud challenges and advantages
- Combining SRE and DevSecOps