Making Security Approachable for Developers and Operators
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a conference talk from AppSecUSA 2018 that addresses the challenge of making security more accessible to developers and operators. Learn how to apply best practices and integrate security into DevOps processes through APIs, secure-by-default platforms, and policy as code. Discover strategies for simplifying complex security concepts, moving beyond the traditional "castle and moat" model, and implementing a zero-trust approach. Gain insights into secret management, data protection, and traffic authentication/authorization. Examine the division of labor between security teams and developers, and understand how to effectively educate practitioners on security principles. Delve into the evolution of security concerns in modern application development and operations.
Syllabus
Intro
Security Mindset
Castle & Moat Security
Castle & Moat Mentality
Network Teams
Operations Teams
Castle & Moat Model
Consider: Network Integrity
Castle & Moat in Practice
Zero Trust Model
Secret Management
Data Protection
Traffic AuthN / AuthZ
Complexity of Security
Java 7: Cipher Class Documentation
Java Documentation
Path Forward
Splitting the Problems
Platform Layer
Application Middleware
Vault for Cryptographic Offload
Frameworks
Application Logic
Division of Labor
Security Teams
Developer Teams
Practitioner Education
Teaching Security
Traditional Security
Growing Application Concerns
Taught by
OWASP Foundation
Related Courses
Infrastructure-as-Code Security: Why, What, and How (Pluralsight)
Managing Resources with Azure Policy (LinkedIn Learning)
Enforcing Standards on Terraform with HashiCorp Sentinel (HashiCorp via YouTube)
Building Modern Access-Control for Cloud Applications with Or Weis - SnykLIVE Recording (Snyk via YouTube)
Infrastructure as Code - Is It Really? (NDC Conferences via YouTube)