Elbsides Keynote - Practice DevSecOps and Beyond

Abstract

With the arrival of Kubernetes and Containers and efforts of the Cloud Native Computer Foundation we also received the first practical guide to DevSecOps by the US Department of Defence. Even if we dislike the .mil, now  is the time to look deeper into the security  concepts of  public and private clouds. Which of the classic architectures will survive. What needs to be adapted or to be changed into  state of the art security concepts. How to keep up with the accelerating speed of attacks. How do we replace the castle moats and walls in an agile GitOps environment by fluent moves. How do we transform our security landscape into the modern world? What about Site Resilience Engineering, concepts like Zero Trust, and Chaos Engineering on security entities. Is this just Buzzword Bingo or can we turn these ideas into practical concepts?

Thomas Fricke

@thomasfricke

Dr. Thomas Fricke

  • Partner Endocode, Freelancer
  • Founder of two companies in stealth mode
  • Cloud Security Architect (mainly in Health Care and Energy)
  • SecDevOps
  • System Automation
  • Cloud, Database and Software Architect since 2005
  • Kubernetes since September 2015
  • Kubernetes Security
  • Advisory Board of Octarine (aquired by VMWare)
  • PhD in Statistical Physics (RWTH Aachen)

Pro Bono Activities

  • AG Kritis
  • Co-author Ein ort für öffentlichen Code
  • German IT-Planungsrat
  • Gaia-X
  • Berlin
  • Cyclist