DevSecOps
Showing 3 out of 3 results
97 Things Every Cloud Engineer Should Know
Migrating to the cloud has become a “sine qua non” these days. The compact articles in 97 Things Every Cloud Engineer Should Know inspect the entirety of cloud computing, including fundamentals, architecture and migration. You'll go through security and compliance, operations and reliability and software development. And examine networking, organizational culture, and more. Find out the story behind the benefits of curating such a community-driven book from the co-editors Emily Freeman, head of DevOps product marketing at AWS, Nathen Harvey, developer advocate at Google Cloud, and Chris Williams, cloud therapist and principal cloud solutions architect for World Wide Technologies.
Machine Learning Security Operations at One of the World's Largest Brewing Companies
Data plays an increasingly important role in every industry, and that includes brewers. To foster its competitive position and expand into new markets, Heineken - a worldwide brewing leader for over 150 years - plans to leverage the vast amounts of data they collect. Machine Learning has thus become key for turning Big Data into actionable insights and data-driven improvements. But how can this be scaled in a secure way? In this session, Maurits will discuss parallels between MLSecOps and DevSecOps, talk about a specific use case from Heineken and present how Heineken manages to automate security in the entire process. You will learn more about: * Focus areas of Machine Learning Security Operations * The role of security in Machine Learning
Adapting DevOps in a World of Growing Software Supply Chain Attacks
**As we embrace movements like CI/CD and DevOps to cut down on release cycles - and innovate faster, we as developers must also embrace the reality that the risk landscape is too complex to leave “security” to just those with security in their title.** Instinctively, we understand how critical this is, especially in a time of growing high profile attacks on software supply chains across the world - most recently Dependency Confusion, the Cloudflare and SolarWinds breach - embracing security as a development team has never been more important. Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline - but instead aid it - preventing costly rebuilds and build failures, down the road. By creating automated governance that is embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools — an approach that ensures security is being built in without slowing us down. **In this talk, you'll learn about**: * Real-world examples of how large and small companies are implementing DevSecOps practices in their own delivery pipelines, and increasing developer awareness of risks. * Key insights into the Dependency Confusion and Cloudflare breach - what steps can developers take to prevent similar future attacks? * A walkthrough of how security principles have been embedded in a Continuous Integration pipeline and what standards for implementation are beginning to follow suit.
