Containerizing your Security Operations Center

Presented at AppSec USA 2016, Oct. 14, 2016, 3:30 p.m. (60 minutes)

As security professionals, we have no shortage of tools available to us in our offensive and defensive pursuits. How we choose to deploy, maintain, and share these tools across teams can prove to be burdensome and overly complex. Security teams are being swept up in the DevOps movement and are being encouraged to bring visibility into our workflows and toolsets. This means moving things from our local boxes to a more available and collaborative environment. This talk will share lessons learned from building a pluggable, cloud-based "Security Operations Center" running entirely on containers to help security teams rapidly build out scanning pipelines, centralize alerts, investigate malware, and easily collaborate with teams across the organization. I'll dive into the architecture and design of the cluster and how to quickly get a POC running in Kubernetes.

Presenters:

  • Jimmy Mesta - Sr. Security Engineer - Mesta Machine
    Jimmy Mesta is an application security leader who has been involved in information security for nearly 10 years. He is the chapter leader of OWASP Santa Barbara and co-organizer of the AppSec California security conference. Jimmy has spent time on both the offensive and defensive sides of the industry and is constantly working towards building modern, developer-friendly security solutions. His core focus has been application and cloud security, with an emphasis on secure architecture, automated testing, developer training, and defensive techniques.