2019-003-Liz Rice, creating processes to shift security farther left in DevOps
Published January 28, 2019
|
63 min
    Download
    Add to queue
    Copy URL
    Show notes

     

    BIO:

    Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter and kube-bench. She was Co-Chair of the CNCF’s KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-author of the O’Reilly Kubernetes Security book. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London.

    Liz Rice (@lizrice on Twitter) https://www.lizrice.com/

    https://medium.com/@lizrice/non-privileged-containers-based-on-the-scratch-image-a80105d6d341

    https://www.forbes.com/sites/adrianbridgwater/2018/07/23/shift-happens-why-your-software-needs-to-shift-left/#41aac6047f8c

    https://www.cloudops.com/2018/10/takeaways-from-liz-rice-pop-up-meetup-on-container-security/

    https://thenewstack.io/cloud-native-security-patching-with-devops-best-practices/

    https://changelog.com/gotime/56 - podcast with Liz

    https://kubernetes-security.info - co-author of O’Reilly Kubernetes security book

    https://www.slideshare.net/Docker/dont-have-a-meltdown - Liz Rice/Justin Cormack slides

    https://www.bbc.com/news/technology-41753022 - NHS ransomware issue in 2017

    https://docs.docker.com/config/containers/container-networking/ - docker portmapping

    https://techbeacon.com/9-practical-steps-secure-your-container-deployment

     

    If security needs to “Shift Left”, what can devs do to accommodate the change?

        Everyone will have to make adjustments, not just security… right?

     

    Reverse uptime…

    Forgotten data?

     

    Test Driven Development

    Why do we need security as far left?

        “We don’t patch, we just push a fix, ”

        “We’ll fix it in production…”

        Or we pump more resources to overcome perf issues

        Is there time for code reviews?

        “We don’t need change management…”

     

    https://testssl.sh - @drwetter

     

    Automation: How does security that solve security issues?

        Do Microservices solve everything?

        What don’t they solve?

            What does security need to embrace to make the shift less painful?

            What does development need to embrace to make the shift less painful?

                Cause security wants to get in there…

    There are already DevSecOps processes a-plenty and many . Why aren’t companies adopting them?

        Maturity?

        Lack of resources?

        Negligent devs - how can you ignore the news of breaches?

     

    Setting Goals

        “Start Small” - what’s an example of a small goal?

     

    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #Brakesec Store!:https://www.teepublic.com/user/bdspodcast

    #Spotifyhttps://brakesec.com/spotifyBDS

    #RSShttps://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloudhttps://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

      15
      15
        0:00:00 / 0:00:00