Play all

How to Work in Cloud Native Security: Demystifying the Security Role Justin Cormack, Docker

How to Work in Cloud Native Security Demystifying the security role

working as a sysadmin in a university back in the days when every machine had public IP addresses • was an interesting target for people as we had lots of bandwidth not what I was expecting, which wa…

bringing security to a wider community working on Noise Protocol Framework capability based security lots to learn!

Most important things

for both offensive and defensive security, knowing an area in depth is hugely important • separates the script kiddies from the experts • the security issues are on the boundaries of the usual • play…

empathy security is unimportant most of the time • the best security is just there supporting people, it is not extra work for them

just breaking things is not sufficient fixing things is much harder you get exposed to the world of compromise • wanting to burn everything down is a fine thing, but it's not going to happen i

security is not just an engineering job get to meet your legal team and your PR team and sell security to the business • and compromise • work with product team

Demand for security people

What is cloud native security?

understand the threat model security is quality o handle errors and the unexpected o understand the issues in domain o write security tests threat • spend time attacking learn from external audits

you cannot tell anyone about what you do a lot of the time • not enough people, so often overworked • live away from the happy path

Description:

Explore cloud native security in this conference talk that demystifies the security role in modern environments. Gain insights from Justin Cormack, Security Lead at Docker and CNCF SIG Security member, as he shares his journey transitioning from ops to dev to security. Discover why security is crucial for everyone in cloud native settings, learn about the skills needed to work in this field, and understand the unique challenges and opportunities it presents. Delve into the importance of in-depth knowledge, empathy, and problem-solving in security roles. Understand the multifaceted nature of security work, including interactions with legal and PR teams, and the need to balance technical expertise with business acumen. Gain valuable perspectives on threat modeling, quality assurance, and the importance of both offensive and defensive security approaches in cloud native environments.

How to Work in Cloud Native Security - Demystifying the Security Role

CNCF [Cloud Native Computing Foundation]

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Threat Modeling #Defensive Security #Offensive Security #Programming #Software Development #Software Testing #Security Testing #Cloud Computing #Cloud-Native Security

0:00 / 0:00