From DevOps to DevSecops - How to onboard security into your DevOps journey

So you were asked by a few devops teams to make them more secure. So you pick up their assets, review them and help them forward. But after that, when you leave them behind, more vulnerabilities get introduced. The question is: did your hacks bring long term value? Did you help them to get sustainable? Probably not. So how can you help them on the long term? How can you teach them how to fish instead of feed them?
Join us for a journey in how you can help customers to become sustainable in security when devops and agile are applied. We will start our journey with an assessment, then go through training the SRE, Devops and security teams, after we coach people to make better decisions. In the mean time we can do some sightseeing in automation, agile risk management and some darker pitfalls we fell for more than once.
Why: The devops journey often leads to a much more scalable environment, in which teams release much more often. However, not having the security quality gates in there, will often make way for introducing new vulnerabilities. Ot the other end: having slow manual checks by a security team will not help either. That is why we want to show how you can integrate security in your day2day work.


Riccardo ten Cate, Xebia

As a penetration tester from the Netherlands Riccardo specializes in application security and has extensive knowledge in securing applications in multiple coding languages.

Riccardo has many years of experience in training and guiding development teams becoming more mature and making their applications secure by design.

Riccardo also has expertise on implementing security test automation in CI/CD pipe-lines and is project leader of the OWASP security knowledge framework.

Ben de Haan, Xebia

Ben is an Agile security consultant working for Xebia, with experience as Security Engineer and DevOps engineer. His specialties are DevSecOps and SIEM, and he's a big fan of security automation.

After spending some time implementing and tuning SIEM systems at different customers, he worked on continuous hardening, internal monitoring, and retrieving and aggregating alert data from several customer sites for an MSSP. Ben likes contributing to open source projects like OWASP DefectDojo and Sigma when he gets the opportunity.