Shift-Left|Securityis|a|hot topic among software developers nowadays. The principle of "shift-left" is simple (think "left" along a timeline). It refers to the rapidly growing trend of security checks and controls moving to earlier in the code development pipeline. A couple of examples would be:
Those of you familiar with Cisco Live and the DevNet Zone know it's an amazing place to connect with peers, find pathways through challenges, and learn how-to _ (you fill in the blank)_ . This year you can attend sessions in-person or virtually. And, we have quite a number of sessions on shift-left security for you to consider. Listed below are 2 DevNet classroom sessions and 6 hands-on workshops. The workshops all make use of our new learning lab platform, offering a smooth integrated experience, without the need to install all kinds of requirements on your device.
Click on the session title below to learn more and to register
AppSec for a k8s and Other Cloud Native Worlds - DEVNET-3330
I will present this session together with Randy Birdsall, Sr. Director of Product Management with Cisco AppDynamics. We will cover a lot of ground in this session and have many demos for you to see. We will explain how to deploy a cloud-native microservices application in AWS, and add security in different steps of the development pipeline. We will add security before deployment, as well as security that can protect the production environment of the live application. You don't want to miss this one if you want to get a good overview of what is possible with Cisco to shift your security left! Join me onThursday, 12:00 PMin the DevNet Theater.
Software Supply Chain Attacks and How to Secure Your DevOps Pipeline - DEVNET-2470
This is a must-see talk by an external speaker from Cycode, Kyle Winters. Kyle has spoken at Cisco Live before and is a Distinguished Speaker. His session is about attacks on the supply-chain. As DevOps moves components into their Supply Chain Management (SCM), new security challenges emerge. Today, an incident in one of the DevOps stages can now compromise the entire pipeline. Attackers no longer have to directly exploit production apps to start an attack because modern SCM contain info to gain access production systems. Check out Kyle's session onTuesday at 4:00 PM.
DevNet Zone Workshops:
Real-world API Attacks, and How to Protect Your Cloud-native Apps -DEVWKS-2919
Brian Sak, Technical Solutions Architect at Cisco, will offer a very cool workshop on real-world API attacks. APIs are now a very common attack vector into these apps and visibility into their use (and misuse) is critical. This DevNet workshop will give you hands-on monitoring API calls within a Kubernetes-deployed, cloud-native application using APIClarity.Wednesday at 11:00 AM.
Introduction to APIClarity -A Wireshark for APIs -DEVWKS-2285
Staying on the APIClarity train we have another awesome workshop with. Not all applications in the cloud native world have their open API specification available -and this is especially true for legacy and/or external applications. When we try to utilize APIs or assess the risk of these APIs, having the open API specification is an essential and required building block. In this workshop, Zohar Kaufman, Director Engineering, and Alexei Kravtsov, Software Engineering Technical Leader, will introduce APIClarity - a new open source tool that will act as a Wireshark for APIs and, when installed in a Kubernetes environment. Their session is so nice, we will offer it twice! Tuesday at 3:00 PM and Thursday at 10:00 AM.
Automating Cyber Hygiene Operations with SecureX and Kenna Security -DEVLIT-1355
In a rush? We got you! Oxana Sannikova, Technical Solutions Architect at Cisco, will present a lightning talk (20 minutes) about Cisco Kenna's risk-based vulnerability management. In this quick session we will demonstrate how Cisco SecureX orchestration and Kenna Security can be leveraged to automate vulnerability management. Check it out.Monday at 10:30 AM.
Security at the Speed of Cloud -Security as Code -DEVWKS-2255
Is security making your process slow, making things complex, or is it an enabler? In this session, You'll see how you can build security into your CI/CD pipelines and be fully automated, integrated, and centrally managed. You will learn how to leverage Cisco security solutions like Secure Workload, Cloud Analytics, Secure Firewall Cloud Native and SecureX, to automate, orchestrate your security across the board, and meeting your compliance goals. Packed with demos and interactive hands on labs! Don't miss this awesome workshop by Barry Yuan, Technical Solutions Architect at Cisco onTuesday at 2:00 PM
Exploring Cisco Secure Workload (formerly Tetration) Programmability with Real-world Use Cases -DEVWKS-2160
This session will provide an overview of programmability tools and techniques available for Cisco Secure Workload (formerly Tetration). They will dive into use cases gathered from the customers we support to automate common workflows such as health checks and enforcement readiness. This workshop is presented by Furong Gisiger and Gabriel Fontenot, both Software Engineering Technical Leaders at Cisco Systems.Wednesday at 1:00 PM
Mitigate risks and secure your cloud-native applications -DEVWKS-2305
This session will focus on how Cisco solutions empower DevOps and Security teams to continuously protect their growing Cloud Native deployments from threats and vulnerabilities. And do it across images, containers, runtime deployments and Kubernetes infrastructure. This workshop is offered by Asifiqbal Pathan and Arvind Kumar, both Principal Architects at Cisco.Tuesday at 4:00 PM.
Enough content to look forward to? I am pretty sure you can fill your day quite well with all of these awesome Shift-Left security sessions. I am very much looking forward to this first in-person Cisco Live in a few years. Please join me in exploring the DevNet Zone until we have packed our brains with fresh new information.
Join our daily livestream from the DevNet Zone during Cisco Live!
Stay Informed!
Sign up for theDevNet Zone Cisco Live Email Newsand be the first to know about special sessions and surprises whether you are attending in person or will engage with us online.
We'd love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!
LinkedIn | Twitter @CiscoDevNet | Facebook | YouTube Channel