Security That Enables - Breaking Down Security Silos in the DevOps Ecosystem

Explore a 21-minute conference talk that addresses the critical issue of breaking down security silos in the DevOps ecosystem. Delve into the rising threat of attackers targeting developers and container image repositories, and learn how effective security measures can empower DevOps teams rather than hinder their progress. Examine the traditional CI/CD workflows and their security tool silos, understanding how these gaps can be exploited when developer ecosystems are targeted. Follow a detailed walkthrough of the recent Dropbox breach, where attackers impersonated CircleCI to steal GitHub repositories and access backend infrastructure. Discover how implementing the right security controls, such as zero-trust access and registry scanning, can enhance the CI/CD process and boost developer confidence. Gain insights into creating a positive security culture that enables rather than obstructs, and explore solutions that bridge the gap between security and DevOps teams.

Intro
Agenda
Key Challenges in the Dev Ecosystem
Why Security Gaps Persist in the CI/CD Ecosystem
Securing Your CI/CD Pipeline
Dropbox: Breakdown of Events
Lessons Learned from Dropbox Breach
Good and Bad Security Cultures
Security Solutions that Enable
Conclusion