Our sixth DevSecOps Melbourne meetup for year 2018 — Whoop Whoop!!
Thank you for your support with DevSecOps Meetup so far:
DevSecOps is a growing community in Melbourne and I am honoured to be able to host the Melbourne meetups for the local community. We have over 500 current members in Meetup.com with around 100 RSVPs per event. I am humbled by the support especially the regular attendees who chose the DevSecOps meetup as the one meetup that they attend each month. I am looking forward to hosting more community events in the security community with interesting talks. #blessed
Another Security Meetup
I started Cybersecurity for Startups Meetup recently to provide cybersecurity help to startups. The meetup has grown since it’s inception and we are having our first event on 3rd July,2018. It’s a free event but requires an eventbrite ticket to attend.
OWASP AppSecDay Melbourne 2018
I am one of the organisers for the OWASP AppSecDay 2018 to be held in Melbourne. It’s one of the big security conferences in Australia with a mix of international developer and security industry celebrities in the list of past attendees. Only two weeks left for any talk or workshop submissions for OWASP AppSec Day. Topics of interest are DevSecOps, Blue team, Cloud Security, End User Security, Mobile Application Security, API security, Integrations, War stories, Role integration, Secure Software Development Lifecycle, Secure Code Assessments, Security Architecture and Web Application Security. I recommend this conference for anyone keen on any of the above topics to attend if not wanted to present. More information here.
DevSecops S01E06 Talk learnings
Topic: Automated Security in CI/CD Pipeline
The talk started with a brief introduction into DevOps and where does DevSecOps fits into a DevOps cycle. Hint: It’s everywhere :)
Now, one may ask why does DevOps or security need to think about automation. The following were noted during the talk
- Helps security keep up with the speed of the delivery team
- Security posture of a pipeline history can be retained throughout the DevOps pipeline lifecyle from inception to updates.
- Security knowledge is retained within the team instead of looking for external expertise
Let’s dive into a CI/CD Pipeline for DevSecOps:
At this point, the speakers went through each of the highlighted bubbles in the above image. This included 6 live demos ( which I think is a record, never googled but just saying :))
I would encourage you to head to the link of their slides to see the rest of the slides with information on open source and commercial tools that can help you in each of those stages to get your feet wet and explore the possibility of solving the DevSecOps puzzle one box at a time in your organisation.
Here is to link to the video from the night if you are keen. As always all comments/feedbacks are welcome.
I will see you all at next month’s meetup.