Real Life Devsecops

Presented at ToorCon San Diego TwentyOne (2019), Nov. 8, 2019, 2 p.m. (25 minutes).

The healthcare industry is traditionally viewed as slow to adopt new technologies, with precious few examples to the contrary! This talk is about unfettering the modern (security) engineer, even in an environment as restrictive as healthcare, and without breaking (all the) things.

At $EMPLOYER, we've rapidly grown our Security Team, as well as the scope of what we handle. Our goal is to automate as much as we reasonably can. We will discuss the operational environment that we’re building to support our team. We’re embracing modern technology like Kubernetes, Terraform, GitHub, EKS, Kinesis, and Fluentd. We're building HIPAA-compliant security services to protect your medical information against actors anywhere, from regular scammers, to skilled actors with insider knowledge.

Presenters:

• John (@0xpookie)
  Pookie works for a regulated industry, that has recently expanded into the San Diego area! He works on the Security Operations Team where he helps with Security Engineering, Incident Response, and a wide variety of other activities. Pookie is the resident forensics expert for the team, in addition to being the preferred purveyor of spirits, and the designated Friday afternoon DJ.

Links:

• https://talks.toorcon.net/toorcon21/talk/BTNGWY/

Similar Presentations:

• AppSec USA 2015 / Security as Code: A New Frontier
• Black Hat USA 2017 / Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone
• Black Hat USA 2020 Virtual / Healthscare – An Insider's Biopsy of Healthcare Application Security