Alessandro Lapucci - Throw Open The Gates: Trading Control for Visibility

Presented at 44CON 2019, Sept. 13, 2019, 2 p.m. (59 minutes)

As many enterprises shift to a cloud-first business model, asset visibility can become increasingly difficult for security. Cumbersome gated approval processes, a security mainstay for years, are now quickly bypassed in the name of developer agility and growth. Security practitioners need new approaches that move at the pace of this new DevOps-driven world. In this session, we will tell the story of a simple premise: can we discard a cumbersome approval process, throw open the gates, and build visibility for security by offering free “backdoored” server resources to developers? We’ll share the context that led to our premise, the tooling we built to facilitate the experiment, our success criteria, 3 years of practical experience running the program, and lessons learned.

Presenters:

  • Alessandro Lapucci
    Alessandro is a Lead Software/Security Engineer with Security Compliance at Salesforce, where he develops internal automation tools and customer-facing web applications. Born and raised in Italy, he lived in Ireland and California before recently moving to Switzerland. When he isn’t glued to a computer screen, he spends time playing vinyl records and learning to fly racing quadcopters.
  • Kyle Tobener - Salesforce
    Kyle Tobener is a Director of Enterprise Security at Salesforce. He began his professional career as a zoologist but fled the jungle to return to San Francisco and focus on tech. His specialty now is application security, with a side dish of 3rd party vetting and contract negotiation. In his free time he collects cyberpunk paintings, runs the largest board game Meetup in San Francisco, and teaches his daughter to break things.
