Breakpoint Security Podcast
Breakpoint-'Exploring the depths of Defensive Security'. The defensive side of Security is a world in itself with teams achieving amazing feats that involve excellent engineering practices and smart optimisation for scale. This is not talked about enough in the industry. Join me in the br3akp0int podcast as we reflect on the methods and approaches these smart teams use to solve practical challenges in information security and innovate their way into the future. Who is this meant for? : This podcast is for anyone in InfoSec willing to know more about advances in security techniques. This includes security researchers or professionals, product owners, compliance or cloud, AI/ML, threat intel, SecOps automation, Security Leaders, development teams, pentesters and security practitioners. A bit about me: I am a technical security enthusiast and have been dabbling my hands at both offensive and defensive security. I am passionate about growing security communities and have spoken and trained at various security conferences.
Breakpoint Security Podcast
#S02EP03 DevSecOps for teams building on Steroids | Akash Mahajan
TOPIC: DevSecOps for teams building on Steroids
Developers have already adopted public cloud in all tech enabled companies and industry verticals. Security teams are mostly for after the fact testing, signaling that compliance is in place or even as a sales aid when selling to large enterprises.
If Continuous Delivery is the goal (as that gets the business money) then the integration and deployment pipelines (CI/CD) are the assembly lines. Far too often under the misguided notions of shift left, security teams come and slow things down by adding security steps to such pipelines and are surprised when no one likes this.
This is what he was able to solve for Byjus enterprise business team and they presented this at DevOps Enterprise Summit 2021 Europe as well.
Guest: Akash Mahajan, Founder & CEO Kloudle,Appsecco
Before founding Kloudle, Akash started Appsecco in 2015. At Appsecco, they did security testing of products hosted in the public cloud. They tested 100s of applications. But instead of app bugs, they found most of the time cloud infra was misconfigured.
Humans make mistakes. So far most developers are human too. Project after project they hacked into customer's apps due to cloud misconfigurations. Therefore, they built Kloudle.
Kloudle automates cloud security to eliminate human errors in setting up and using cloud infrastructure. It answers 3 things. What's running, what's wrong, how to fix it. Automatically in a loop. A CSPM built for devs.
Recommended reading/viewing, for practitioners:
- The Phoenix Project [https://www.amazon.in/Phoenix-Project-Devops-Helping-Business/dp/1942788290]
- The Goal [https://amzn.eu/d/ebKsrd6]
- Accelerate [https://amzn.eu/d/41jhgu6]
- DORA Metrics [https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance]
- Turtles All The Way Down
- Scaling Enterprise BizOps by Automating DevOps Practices
- https://github.com/devopsenterprise/2021-virtual-europe/blob/main/PPT%20revamp%20-%20DevOps%20Enterprise%20Summit%20v6%20(2).pdf
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
