An accomplished security professional with over a decade’s experience of providing specialist application and infrastructure consulting services at the highest levels to companies, governments and organisations around the world.
An active participant in the international security community and conference speaker both individually, as chapter lead of the Bangalore chapter of OWASP the global organisation responsible for defining the standards for web application security and as a co-founder of NULL India’s largest open security community.
Specialities: Running an application security consulting company; Building security automation products which are human friendly; Founding and mentoring communities around the topics of Cyber Security, Entrepreneurship, Cloud Native
Session: Reliable and Automated Cloud Native Security Operations
SecOps or Security Operations is changing enterprise IT the same way how DevOps
transformed enterprise Dev. The complexity of operations is ever increasing and with the advent and extensive usage of Public Cloud the risk is ever greater.
We need to gear up for this world and a workable approach is to tackle this new world with the same enthusiasm as developers have taken up.
By leveraging Cloud Native Services such as Serverless (Cloud functions, Lambda), Container run-times (Docker) and Container schedulers (Kubernetes) we can bring in near real time detection and blocking of security attacks, analyse incidents and even do remediation of potential security holes before they become a problem.
During this talk and demo we will cover two live demonstrations of this approach and use the demonstrations to expand on the following
1. What exactly is SecOps for the Cloud
2. When is it Cloud Native
3. Why do we need it to be Cloud Native4
4. What do you need to get started with this now
1. Automated Real Time Blocking of Data Breaches due to public S3 buckets
2. Automated Real Time Blocking of AWS IAM Credential Thefts