Swapnil has more than a decade of experience in enterprise cybersecurity, including technical leadership positions in Fortune 500 financial services firms. He is a subject matter expert in the application, cloud and emerging technologies security domains. Swapnil is a co-author of the Hacking Exposed Series, a best practice security handbook, and a frequent contributor at security conferences, round tables and publications. Swapnil earned his master’s from George Mason University and graduated from the University of Mumbai, with degrees in telecommunications and computer/network engineering, respectively.
Session: Shift Up - Continuous Security & Feedback Loop In Production
DevOps engineering culture demands deploying code at lightning speed. Speed equals carelessness. And carelessness may lead to a breach.
This talk is an introduction to the shift up paradigm; think of it as shift left on steroids for production. Shift up enables an organization to identify and remediate insecure code running in production, including security gaps within the infrastructure stack. Attack, yes you read it right, attack your own network by generating chaos and even running defensive dynamic security testing. In turn, validate the effectiveness of layered protective measures around application code and monitor transactional flow. Through this talk, I will attempt to answer the age-old question: is it necessary to integrate security technologies such as runtime application self-protection (RASP), or is a WAF an equally effective tool? And last but not least, building capabilities such as identifying external-facing assets in a continuous manner and monitoring them throughout their lifecycle. All these learnings from shift up capabilities in turn provide a feedback loop between AST tools (SAST, DAST, IAST, MAST) and layered defenses in production. This learning constantly helps us enhance the protective shield against evolving attacks and ultimately reach IT utopia.