DevSecOps
Tuesday, September 18
 

11:00am

DevSecOps: The Missing Link
For many, the transition to DevOps starts small, in a single team or a new project. This often involves cobbled-together open source solutions with little to no security. To scale effectively, deploying daily, hourly, or even more frequently, requires organizations to engage security in all aspects of software development and deployment. Join XebiaLabs Solutions Architect Vincent Lussenburg as he shares market trends, tips, and techniques to incorporate security into the complete DevOps lifecycle.

Speakers

Vincent Lussenburg

Solutions Architect, XebiaLabs
Vincent Lussenburg works as a Solutions Architect for XebiaLabs. He’s been with the company since 2011 in various roles, both living in The Netherlands and now in the United States. Prior to this, he worked as a software engineer, scrum master, architect, and DevOps consultant in various...



Tuesday September 18, 2018 11:00am - 11:15am
Partner Theater

11:15am

DevSecOps – Security at the DevOps Pace
 Modern development is all about speed and agility, responding to market needs quickly and succeeding (or failing) fast with innovative new ideas. We understand more bugs will make it to production and are willing to pay that price to get a fast-adapting product. Unless, of course, the price is a data breach. 

If security failures are not acceptable, how can we stay secure while moving at such a high pace? How do you "move fast and break things," but don't get broken into? This talk will discuss how to apply security in a DevOps environment (a.k.a. DevSecOps), sharing a model and offering practical tips and examples.

Speakers

Geva Solomonovich

COO, Snyk
Geva Solomonovich (@gevasolo) is COO at snyk.io, focusing on making open source secure. He is the founder of the security consulting firm Snowy Peak Security. Geva was previously CTO/co-founder at Openbucks, working on innovation in the online payments space. Before that, Geva held...


Tuesday September 18, 2018 11:15am - 12:00pm
Foothill C

2:30pm

Mission Possible: Eliminating DevOps Security Roadblocks
Hear how leading DevOps pioneers secure their complex continuous integration/continuous delivery pipelines in scalable, automation-friendly ways that keep developers, operations, audit and compliance teams happy. Gain practical insights into addressing the security challenges with secrets, access keys and credentials, as well as how to reduce over-privilege and eliminate secret duplication. In this session, you'll get practical insights from a DevOps industry pioneer who has deep experience with Jenkins and other leading DevOps tools on how to leverage integrated secrets management solutions to give the CISO security while giving developers agility and velocity.

Speakers

Jason Vanderhoof

CyberArk
Jason has 10+ years of experience building dynamic, scalable systems, automating infrastructure and deployments, and helping teams operate more efficiently. He believes security, operations and development really can co-exist harmoniously and learn from each other. At CyberArk, Jason...



Tuesday September 18, 2018 2:30pm - 3:15pm
Foothill C

3:45pm

Introduction to Elastic Container Services on AWS: ECS, EKS, and Fargate
AWS supports a number of different strategies for running your containerized applications in the cloud. In this talk, we provide an introduction to Amazon Elastic Container Service (ECS), Amazon Elastic Container Service for Kubernetes (EKS), and AWS Fargate, Amazon’s compute engine for ECS and EKS that allows you to run containers without managing server or cluster infrastructure.

Speakers

Tony Pujals

AWS
Tony is a senior developer advocate for elastic container services (ECS/ECR/EKS/Fargate) at AWS, a Docker Certified Associate, and Docker Captain. He is fanatical about container technology, microservices, serverless, service mesh, cloud computing, and observability. Feel free to...


Tuesday September 18, 2018 3:45pm - 4:30pm
Foothill C

4:45pm

DevSecOps at Scale: Using Jenkins Shared Libraries to Accelerate CI/CD Adoption
DevSecOps means incorporating security into the culture, principles and processes created to streamline software release cycles. When working with federal clients on digital transformations, the concept of separation of duties often arises as a challenge in regard to continuous deployment. Learn how to leverage Jenkins shared libraries and the template method design pattern to use a common pipeline across entire agencies, regardless of technology stack. We will go through how to centralize the business logic of an organization's software development lifecycle to incorporate required security testing, while being flexible enough to support any team in order to build a secure supply chain to production.

Speakers

Steven Terrana

Lead Technologist, Booz Allen Hamilton
Steven is a lead technologist at Booz Allen Hamilton, leading the implementation of CI/CD pipelines across multiple government agencies. A Certified Kubernetes Administrator, Steven leverages Jenkins to incorporate automated testing and security into every step of the software development...


Tuesday September 18, 2018 4:45pm - 5:30pm
Foothill C

4:45pm

Jenkins X: Continuous Delivery for Kubernetes
The last 5 years have seen a huge change in how we build, package, run and manage software with the rise of Kubernetes, Cloud Native, Microservices and Continuous Delivery. As a result, we all need to get better at delivering business value to our customers faster and continuously with a cloud native strategy - but how?
This talk will introduce you to a new open source project, Jenkins X, which is an open source CI / CD platform for Kubernetes based on Jenkins.
After a couple of slides we'll spend most of the talk demonstrating how to get stuff done with Jenkins X:
  • easily set up your own Jenkins-based CI / CD system on your cloud of choice
  • quickly get started developing new microservices with automated CI / CD
  • import existing projects with automated CI / CD
  • use Pull Requests to trigger CI, Preview Environments, human approval, then a full CD release
  • use automated provisioning to testing, staging, ephemeral and production environments via Helm charts and GitOps
After this talk you should be able to develop at full speed with CI / CD in a cloud native way in any language on any cloud or Kubernetes cluster! Let's all go faster!

Speakers


Tuesday September 18, 2018 4:45pm - 5:30pm
Salon 9
 
Wednesday, September 19
 

1:30pm

Secure GitOps Pipelines For Kubernetes In JenkinsX
The fundamental principle of GitOps is managing your entire stack through declarative configuration files managed in source control. Changes to infrastructure and application code are managed the same way: pull requests and code review.


This session will focus on using Jenkins X and Grafeas to secure your Kubernetes CD pipeline and supply chain. Through examples, we will show how to extend the default Jenkins X build pipelines with steps to manage container image security, CVE detection and source provenance. Similar to Kelsey Hightower's "Kubernetes The Hard Way", this session will focus on setting up a secure pipeline from scratch, explaining each step in detail along the way.


The goal of this talk is for DevOps engineers to understand how all of these pieces (Kubernetes CRDs, Jenkins X, Grafeas) can be combined into a secure system driven by pull requests (GitOps) that meets any organizational culture and processes.

Speakers

Dan Lorenc

Google
Dan Lorenc is a Staff Software Engineer at Google, where he's been working in the PaaS space for 6 years. He currently manages a team focused on building open source tools to improve the container/Kubernetes developer experience. Previously he founded projects such as Minikube, Skaffold...


Wednesday September 19, 2018 1:30pm - 2:15pm
Golden Gate Ballroom B

2:30pm

Effortlessly Deploy, Scale, and Manage Your App Development on AWS
Come learn how you can use Jenkins with AWS Elastic Beanstalk and AWS CodeBuild to easily implement a fully-managed build, test, and runtime environment that allows you to go from code to running application in a matter of minutes.


Speakers

Bob O’Dell

AWS
Bob O’Dell is a Principal Product Manager for AWS Elastic Beanstalk, which is an easy-to-use service for deploying and managing web applications on AWS. In his role Bob spends his days (and occasional nights) helping customers best leverage AWS services to build highly available...


Wednesday September 19, 2018 2:30pm - 3:15pm
Foothill C

3:45pm

Industry Panel on Container Security
Container security is the most rapidly advancing technology area in DevSecOps, with a growing number of vendors building innovative offerings for quickly implementing security on top of a rapidly evolving container ecosystem. This has important implications for how applications are designed, secured, delivered, and operated – and DevSecOps is the specialty that brings all of this together. Just like containers are simple in concept but can be a challenge to industrialize, container security is similarly complex in real world applications. Most obviously, vulnerabilities may exist in container images, but it’s also necessary to reduce the container attack surface and limit access by constraining privileges. And then there’s the container host itself, which needs to be hardened and monitored. Each of these must, of course, be automated for container security to be successfully enabled within DevSecOps. And that’s why specialized tools are necessary to keep up with the evolving container ecosystem. Our industry panelists will share their opinions and case stories on how they are managing this today and give their views on how this specialized domain combining security, containers, and automation will evolve.

Moderator

Keith Pleas

Accenture
Keith is a technology & organizational leader who has spent more than 20 years consulting to industry on IT, management, architecture, automation, and software development. He has more than 200 published articles in international IT and software development publications. Keith has...

Speakers

Matthew Barker

Solutions Architect, Twistlock
As an experienced Solutions Architect, I assist companies around the globe to efficiently secure their devops based application development and deployment. My broad-based experience in cloud technologies, devops practices, and the Jenkins platform combined with my background in software...

Chris Condo

Senior Analyst, Application Development & Delivery, Forrester
Chris has been a senior analyst with Forrester since 2016. Prior to Forrester, Chris was the manager for enterprise web applications at Altran North America, overseeing and leading projects such as IoT enablement for medical devices, warehouse automation software, and online health...

Shannon Lietz

Intuit
Shannon Lietz is an award-winning innovator with over two decades of experience pursuing advanced security defenses and next-generation security solutions. Ms. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s DevSecOps...

Curtis Yanko

Sr Principal Architect, Sonatype
Curtis Yanko is a Sr Principal Architect at Sonatype and a DevOps evangelist. Prior to coming to Sonatype, Curtis built a DevOps CoE at a Fortune 100 company. When he isn’t working with customers and partners on how to accelerate delivery by building security and governance into...


Wednesday September 19, 2018 3:45pm - 4:30pm
Foothill C