Developers want speed. Customers want features. Security teams want time.
This presentation will discuss how Continuous Security can be moulded into the CI/CD pipeline. I'll outline how machine images and ec2 instances in our AWS environment are automatically tested by vulnerability assessment tools packaged in Docker containers. This assures a reasonably secure posture before features hit production and automates the ongoing process of penetration testing thereafter.
In addition to containers, our security automation toolchain comprises an open-sourced framework as well as a smidgeon of python running in AWS Lambda.
Systems Engineer at Cisco Systems
Owen spends his time testing the notion that Infrastructure-as-Code might just make everyone’s life better. A Network Architect in a previous life, these days he devotes less time to configuring routers than building cloud environments with Terraform, Ansible, Packer, Python etc. When not in front of a screen or hunting for missing toys, he runs a bit.