How to stop worrying about application Container security

Presented at AppSec USA 2017, Sept. 22, 2017, 2:30 p.m. (45 minutes)

Containers make it easier to deploy the applications that drive business value, but also profoundly challenge existing security models. Learn from our journey as a security team that went from not knowing what containers were to championing their adoption in our production sensitive information workloads over traditional DevOps application deployments.

  • About Us
  • Our Application & Security Challenges
  • Our Container Journey
  • Building a Container Ecosystem
  • Learning Secure Application Containers
  • Benefits for DevOps and Security
  • Our Container Security Maturity Model
  • What's Next

Presenters:

  • Brian Andrzejewski - Information Security Engineer - U.S. Citizenship and Immigration Services (USCIS)
    Brian is the lead InfoSec Engineer in the CyberDefense Branch at the United States Immigration Services (USCIS), the world's largest immigration agency. He leads, engineers, and architects several of USCIS's security efforts, with his primary focus on application security and its automation with his DevOps teams, application container security, cloud security, and vetting hardening baselines for Federal sensitive information systems. He also serves as USCIS's official representative to DHS S&T Cyber Security Division's Software Assurance Sub-IPT for the ongoing need for forward-leaning software assurance R&D. Brian was also awarded the DHS 2016 Security Engineer of the Year by the DHS CISO for his innovative work in incorporating industry and federal security practices into USCIS's Federal DevOps security model and leading the USCIS Red Team to use "live fire" security operations exercises to validate security procedures and implementations. One of these exercises created two DHS enterprise-wide security incidents that required the DHS CISO to resolve the vulnerabilities found. Before working at USCIS, Brian was with the Department of Defense Cyber Crime Center (DC3), where he performed public outreach in running the DC3 Digital Forensics Challenge and co-established the National Centers of Digital Forensics Academic Excellence (CDFAE) with academia. After DoD sequestration took effect, Brian worked for the DC3 information security team, where he performed static and dynamic assessments of applications produced for Authorization to Operate on U.S. Air Force networks. He was also selected to represent his agency and lead the DC3 developer teams in creating the first and second generations of unclassified, cyber threat machine-based information exchanges to meet the CNCI-5 White House initiative to connect the five Federal Cyber Centers.
    Before being hired directly by the Federal Government, Brian was a web application developer, a senior system administrator and incident responder in corporate healthcare, a manager of multi-million IT procurement acquisitions and procurement systems, and a help desk technician in academia. He is passionate about hands-on training to develop the nation's future cybersecurity workforce and participates as a judge in several national high school and college cyber defense and forensic exercises.
