Reception and Openning
Welcome & Opening Remarks
Lindsay Holmwood - Chief Product Officer at CipherStash
«DevOps and Data Security: where Aussie orgs are at»
| Optus. Medibank. Latitude. The last 12 months have seen a reckoning for data security in corporate Australia. But are these examples really that out of step with how we actually do security in our own organisations (not just what we tell ourselves about how we do it)? What do Australian organisations doing devops actually think about data security? Who do they think they are defending against? What steps are they taking to safeguard customer data? This talk will explore two years of qualitative interviews with Australian organisations about how they think and act on data security. We’ll explore devops tools, architectures, and processes to set you up for Australia’s changed threat landscape, and what techniques you can use today to better protect your customer data. |
Ben Ridley - Public Sector Solution Architect at GitLab
«The Seamless DevSecOps Journey: Achieving your Security and Compliance needs by Aligning Teams Across the Value Stream.»
With cybersecurity risks on the rise, application security and compliance have become front of mind issues for organisations developing software.
However, introducing security & compliance requirements to the development process can create friction between teams who aren’t aligned, introduce manual handoffs and approvals, and reduce developer innovation and delivery of features that keep your business competitive.
The key to achieving security & compliance outcomes, while maximising velocity, is to understand your software value stream and embrace DevSecOps tools that align teams across the value stream and empower your organisation to automate repetitive tasks and enable each other.
We’ll explore a case study in how GitLab’s DevSecOps platform enabled teams to do what they do best, while still meeting security & compliance goals.
Pat Shueh - VP, Solutions Engineering at Zimperium
«How to protect your mobile app against real world attack?!»
Mobile apps are increasingly more sophisticated and are processing more sensitive personal and corporate information than ever before. Organizations are also well aware of the huge reputation and financial risks whether direct via fraud or indirect via fines, etc. that can result from mobile breaches.
DevSecOps has been a practice that is adopted to embed security in the development lifecycle, While, the idea of shift-left means security controls are implemented with multiple code scanners / Gates / Pen Testing in the pre-production environment. Post production, how do you protect your app against reverse engineering, untrusted and compromised devices, runtime tampering, code injection and more in the wild?
During the session, Pat will take you through live demonstrations on how apps can be attacked, and share best practices and techniques to mitigate these attacks to improve your overall DevSecOps process so your mobile app can defend itself.
Lunch
Erin Rangi - Customer Success and Growth Leader at DOT Community
«Dance outside the box»
We all grew up in the same way, with a predefined school curriculum to determine your value to society and completing predefined university degrees to prove you can think strategically or prove intellect. We are classified and sorted into boxes from an early age. As the world evolves, we also need to. These predefined boxes and rules of engagement limit the magic and value we can deliver as unique individuals. They limit the impact we can make in our lives, at work and to the world. So how do we move from a society of predefined boxes to one that celebrates the magic of our edges, the magic of what makes us unique and where the best ideas come from? How do we make room to dance outside the box?
Ashley Beard - Technical Support Engineer at LaunchDarkly
«Release with Confidence: Managing Feature Flags with LaunchDarkly»
Feature flags provide a flexible and safe way to release new features and experiment with user experiences and LaunchDarkly is one of the best feature flag management platforms that offers a comprehensive suite of features and integrations for managing flags at scale.
Break
Kelvin Mun - Senior Sales Engineer, Kasten by Veeam – APJ at KASTEN
«Integrating Backup Into Your CI/CD Pipeline»
The ability to deploy code and version code has been a de facto requirement and a reason we have CI/CD pipelines for our application development, but with Kubernetes in particular we are seeing a closer tie between code and data. In particular, code being deployed can affect and change your data, for that reason, we need to consider protecting that data as part of our Continous Development pipelines, In this session, we will focus on how we can incorporate backup actions into your pipeline to ensure that any code changes will start by creating a restore point be it a snapshot or an export to another external repository. We will then as part of a demo incorporate a failure scenario into the environment pipeline to simulate how a config map can manipulate data to cause data loss. Then we need a way to bring the data back!
Anthony Rees - Regional Security Solutions Engineer at Lacework
«DevSecOps Adversarial Hygiene: Security that doesn’t Stink!»
Securing the cloud is a never-ending task that becomes more challenging each year as clouds accrue new features and functionality. The same can be said for the ever increasing responsibilities and mandates expected of DevOps Engineers, including driving the probability of intrusions, data exfiltration and ransomware to effectively zero. With new technologies and tools come great opportunities for businesses; however, if they are not used appropriately and securely, they can do more damage than good. In this session we will address the elephant in the room: how can Engineers do more with less, while ensuring the integrity of their resilience based security architecture, and prepare for enterprise obstacles and opportunities ahead.
Closing Remarks
Entertaiment, Networking, Discussions
Reception and Openning
Welcome & Opening Remarks
Oshri Zvi - Senior Engineering Leader at Australian Payments Plus (AP+)
«Tech Debt go away!»
AP+ has many mission critical, robust applications and services that are running for long period of time. In this talk, I would touch on the analysis and transformation our team did to detect, reduce and eventually eliminate technical debt from our applications.
Diana Omuoyo - Regional Solution Architect - APJC at AppDynamics
«The Anatomy of a Vulnerability»
Applications are the entry point for most interactions with enterprise systems. and as we
adopt and expand into open-source, shared library and distributed architectures, we
inherently introduce an expanded footprint of entry points for bad actors. Our security
specialists have spent decades mastering and designing security practices across
enterprise domains and are now also expected to manage this extensive scope of
potential security gaps and risks in our applications. Building air-tight cybersecurity
frameworks can be challenging and security can only be as strong as its weakest link.
There is an increasing number of reported breaches, highlighting the gaps in our
cybersecurity practices.
December 2021, was a time when application and security teams were challenged, left
scrambling to understand and manage the security risk exposure for businesses
globally. The Log4J vulnerability catastrophe forced us to evaluate and re-think
application security.and operational processes around risk management.
This session will discuss the anatomy of a vulnerability, evaluating business risk and best
practices for cybersecurity readiness and awareness. .
Darragh Kennedy - Director of Engineering at Zendesk
«Bringing product culture to the backend»
Building the right thing at the right time can be hard when building complex internal platforms. Hear about how we brought product thinking into our backend engineering teams, pivoted a project to build a more customer focused solution and then what we have gained from an investment in product management expertise.
Lunch
Beibei Guo - Chief Engineer - Global Technology Services at Commonwealth Bank
«DevOPS Opportunities of Stateful Assets in Established Enterprises»
DevOPS Practice presents unique challenges in velocity and risk for enterprises with big IT footprint and a complicated asset tree. This is especially the case when it comes to applying agile principles in stateful assets like databases, persistent cache and storage tier. When you try to introduce some fast moving parts in a well established landscape with many monolithic slower moving parts of high criticality, you might find yourself fighting in a jungle that is outside the description of typical DevOPS textbooks and the glittering success stories. In this session, Beibei Guo(Chief Engineer of Global Technology Services, CBA) will describe the velocity, security and stability challenges in CBA stateful layer from the vantage point of relational and non-relational databases hosted in data centre, public cloud and SAAS, using Oracle/MSSQL, PostgreSQL, MongoDB and Cassandra as examples. She will discuss how CBA has transformed these challenges into opportunities for in-house written applications as well as commercial-off-the-shelf (COTS) software. With detailed design and implementation, she will share different treatment strategies, design principles and day 2 learnings. This will cover aspects of development practice, product selection, security & compliance, operations and financial cost. Although there is no single silver bullet that makes stateful DevOPS practice to the same level of agility in stateless domain, CBA has seen meaningful progress in bringing velocity to stateful tier through considered platform designs, automation and culture transformation. Through sharing this story, we hope to learn from the audience as well.
Andrew Coulter - Head of Engineering - Investment Management at Iress
«Windows Containers on the Cloud»
It's 2020, and your company wants to stop owning hardware and re-platform its products to the cloud. But what can you do when your server is a Windows application representing years of development assuming on-prem environments? This talk will look at how Iress re-platformed one of its applications to the cloud using Windows containers, the trials to get there, and the benefits that resulted.
Daniel Kirkwood - Senior Solutions Engineer at Teleport
«Identity-Native Infrastructure Access Management»
| In this talk, we will examine how your team can prevent breaches by eliminating secrets and adopting zero trust. We will examine the core pillars of an identity-native approach to infrastructure management and include real examples of how to implement these controls. |
Break
Pas Apicella - Principal Solution Engineer at Snyk
«Key drivers for a successful Security DevOps practice at scale»
| To mitigate software-related security risks, you need to fine-tune your application security program to get the right people involved and ensure the whole SDLC through the software supply chain and its components are all part of that process. Once considered an afterthought in software design, application security is increasingly top of mind for developers. The way applications are used these days -- accessed over networks/clouds -- invites a variety of potential threats. Frequent testing and adherence to application security best practices can limit the possibility of unauthorised attacks being used to steal, share or modify sensitive user information. This talk will address how companies are prioritising their cybersecurity needs, the lessons they have learned, and what the tangible outcomes were for these companies through a series of live demos showing exactly how. |
Andrew Haschka - Head of App Modernization APAC at Google
«SLSA with Google, shift left security and devops benchmarking»
We'll cover off some market context from the latest State of DevOps report before diving into Shift Left security and implementing SLSA across the SLDC
Closing Remarks
Entertaiment, Networking, Discussions
Follow Us
