A couple of nights ago, we hosted the opening night for the first DevSecOps Melbourne Meetup.
There were two tech talks on the night, accompanied by the usual culprits — beer and pizzas. Shout out to Versent for hosting us and taking care of the food and beverages.
He spoke about the DevOps to DevSecOps maturity model and the stages that an organisation goes through as it matures. He spoke about stage -1 (adoption) through to stage -2 (expand) and stage -3 (scale) (picture below). He recommended that organisations use open source tools as a baseline for awareness of their cloud security posture. The security role needs to evolve through the different maturity stages that an organisation will go through.
He also spoke about how Redlock is helping organisations by providing centralised visibility into their cloud incidents, with AI-based risk context to support informed decision making.
The second talk was from Andrew Boundy of Seek. He spoke about how he was able to automate a lot of his security problems by using cloud-custodian, an open source tool from the cloud-custodian project, across their 100s of AWS accounts.
One of the key things that stood out for me was the use of Slack notifications as a short training opportunity for developers, raising awareness of why something is wrong. In case you are wondering (especially after the recent S3 public bucket breaches), yes, he has a rule to make all S3 buckets private.
Last but not least, I wanted to take this opportunity to thank the attendees who made it an amazing night, with people sharing their personal experiences during and after the presentation(s). I am excited about what we will learn at our next Meetup.
The next meetup is scheduled to run next year. Check out our meetup page for more info. We are looking for speakers, so feel free to reach out. I am especially looking at the attendees who spoke about interesting projects they have been working on in their companies, including the person who made a YouTube video of his DevSecOps pipeline!