Managing security within a cloud-native development pipeline requires reimagining traditional security rituals. With hybrid and multi-cloud deployments as well as different container runtimes, orchestration platforms, and technology stacks, getting it right requires more than tooling. We must understand how our teams build software and consume telemetry gleaned through operations. Securing the pipeline from developer tools to production infrastructure requires a continuous approach to security, by shifting left and shifting right too. This talk will dive into building with isolation in mind and limiting the damage of a compromised service within an environment. It starts with development and extends through deploying software to the runtime environment. This presentation’s goal is to provide strategies on moving security both to the left and to the right in our software development lifecycle. This presentation will explain the distinct differences between shipping traditional software and how the cloud-native development pipeline changes things. At the end of this presentation, you'll be ready to tighten up your stack with new tricks to solidify your cloud-native CI/CD pipeline and the additional security dilemmas it presents.
Jack Mannino is the CEO of nVisium. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software. Jack founded nVisium in 2009, and since then has helped the world's largest software teams enhance security across their software portfolios. He has spoken at conferences globally on topics such as secure design, mobile application security, and cloud-native security.