I consider myself a member of a dying breed of Information Technology versatilists with over 15 years of industry experience delivering high-complexity application and identity security projects. I am currently working as Chief Product Officer at Cloudentity, focusing on API Security and Authorization. My experience working as a software architect, developer and security engineer with the world’s leading security specialists, spanning organizations including THALES (France), EADS (France), IABG (Germany), ICOM (Greece), GMV (Spain), TNO (Netherlands), BUTE (Hungary), IEIIT (Italy), PWR (Poland) and UMU (Spain), has provided me with extensive exposure to an array of system architectures and complex and regulatory business issues.
Session: DevSecOps enabled micro-perimeter API protection
The current "Shift Left" DevSecOps approach puts more and more responsibility on developers. Taking into consideration the current shortage of cyber security specialists among software developers, that can end up with unintended consequences. In my presentation I would like to focus on a solution that allows decoupling of the application API security logic from business workloads utilizing the sidecar pattern. This design pattern provides developers with the ability to describe the security of their services using a declarative approach. Configuration artifacts representing security as code can then be used as part of the DevSecOps pipeline and provide multilevel security for APIs, including micro-segmentation, multilevel authorization and communication channel security, as well as enabling the service identity. The presentation will include the theoretical concepts as well as an example of a real implementation.