DevOpSec: Rapid Security in the Cloud with AWS and CIS

High performance teams are releasing software to production several times a day. This poses a challenge to Ops and infosec who need to have the confidence that  these releases will not lead to a security breach in the infrastructure. DevOpSec or DevSecOps is a discipline where development, operations and  security work collaboratively to achieve security  compliance in agile teams. In this demonstration of our open source project, we show how we used DevOps and security best practices to achieve and test AWS infrastructure.

 
4 favorite thumb_down thumb_up 3 comments visibility_off  Remove from Watchlist visibility  Add to Watchlist
 

Outline/structure of the Session

  • Introduction
    • DevOpSec
    • CIS benchmarks
  • Code Walkthrough & Setup
  • Integrating with your CI server
  • Future roadmap

Learning Outcome

After attending this session, you will learn about CIS security benchmarks for AWS – the consensus based best practices for information security. You will learn of different strategies to automate security and make fast changes to production infrastructure with a high level of confidence. You will see how we achieved compliance on some of our engagements that involved cloud based infrastructure.

Target Audience

Developers, Testers, Security Auditers, Managers

schedule Submitted 6 months ago

Comments Subscribe to Comments

comment Comment on this Proposal
  • Joel Tosi
    By Joel Tosi  ~  6 months ago
    reply Reply

    Hello,

       This could be an interesting presentation but I would like to see some sample of your previous presenations to get an idea for delivery of the topic.  Could you please provide something?

    Best,

    Joel

    • Mikhail Advani
      By Mikhail Advani  ~  2 months ago
      reply Reply

      Hi Joel,

      This is a work in progress project. We have not presented it anywhere yet. You can see the codebase at https://github.com/mikhailadvani/aws-security-test mentioned in the links section as well. We should be done with it within the next month or so and be ready with a presentation following that.

      Regards

      Mikhail

      • Mikhail Advani
        By Mikhail Advani  ~  5 months ago
        reply Reply

        Hi Joel,

        Slides uploaded

        Regards

        Mikhail


  • Liked Mikhail Advani
    keyboard_arrow_down

    Journey to the cloud - experiences in migrating an on-premise infrastructure to AWS

    Mikhail Advani
    Mikhail Advani
    schedule 6 months ago
    Sold Out!
    45 mins
    Experience Report
    Advanced

    We recently migrated the infrastructure of a consumer electronics manufacturer's marketing website from their in-house data center to the cloud. With this talk I aims to share experiences of our team, challenges faced, gotcha's and innovative steps we took move 125 servers to the cloud in 6 months

  • Liked Mikhail Advani
    keyboard_arrow_down

    Cloud Hosting - Amazon or Google? - A Case Study

    Mikhail Advani
    Mikhail Advani
    Siddharth Kulkarni
    Siddharth Kulkarni
    schedule 6 months ago
    Sold Out!
    45 mins
    Case Study
    Advanced

    With the advent of the cloud era and the multitude of cloud vendors, we wish to demonstrate a case study of a sample application hosted on two of the leading providers, Amazon and Google, and present our observations on various factors like cost, performance, reliability etc. in an attempt to guide the audience in making a decision in selecting their cloud service provider for their application.