With Black Hat USA 2019 less than a month away, we continue our blog series with weekly recommendations of training courses and research briefings to attend at the conference. Our pick this week: the research briefing Controlled Chaos: The Inevitable Marriage of DevOps & Security.
This 50-minute presentation focuses on the increasingly critical issue of securing DevOps, as this approach to agile and iterative software development and IT operations becomes the “business engine” for organizations.
Kelly Shortridge, Capsule8’s product strategy VP, and Nicole Forsgren, Google Cloud researcher and strategist, will explain the DevOps basics and the resilience and chaos engineering concepts. The speakers will address the importance of marrying DevOps and security, and the necessary shift away from security for its own sake to security as an enabler of business objectives.
Why we’re recommending it
DevOps pipelines are at the heart of the IT innovations that digitally transform businesses. Unfortunately, security often remains an afterthought in DevOps, resulting in code that’s buggy, misconfigured, and consequently vulnerable to breaches.
It’s imperative for security to be built natively and organically into the DevOps lifecycle — from application design to production deployment. If security is relegated to the end of the process, it’ll inevitably delay and interrupt the DevOps workflow.
“DevOps accelerates the velocity with which products are deployed to customers. However, the catch with DevOps is that it moves fast, and security must move faster to keep up and make an impact,” wrote Chris Romeo, CEO of Security Journey, an application security training program.
Security checks should be automated throughout the DevOps pipeline, so that continuous security is weaved into application development and IT operations. In this manner, iterative, frequent and proactive security and compliance checks are done in tandem and at the same pace as the development and operations work.
In short, securing DevOps has become fundamental for enterprise security teams. We believe this Black Hat briefing session will offer insightful, useful and practical information about DevOps security to attendees interested in boosting their understanding of this critical issue.
Qualys at Black Hat USA 2019
A Diamond Sponsor, Qualys will again have a major presence at Black Hat USA 2019, which runs from Aug. 3-8 at the Mandalay Bay in Las Vegas. We’ll be there explaining how we can help organizations protect their hybrid IT environments without slowing down their organizations’ digital transformation.
We invite you to stop by our booth (#204), enjoy a cup of coffee from our Nespresso bar, and chat with our product managers and technical account managers. We’ll raffle hi-tech prizes and give out tote bags after each presentation, including:
- Exclusive product previews, including of our new Threat Detection and Response Platform
- Best practices presentations from leading enterprises
- An overview of how Qualys Cloud Platform, our end-to-end security and compliance solution, gives you a real-time, holistic view of your threat landscape, and comprehensive capabilities for attack prevention and incident response