Defending Modern DevOps Environments: A Hands-On Approach

 

Skill Level: Intermediate

Student Requirements: Familiarity with at least one public cloud provider is recommended. Students should also have basic Docker knowledge and experience launching and managing basic cloud instances. Basic command line and scripting skills are highly recommended.

Laptop Requirements: Docker installed locally, SSH capability, a Google Cloud Account (Free Tier), and gcloud / kubectl installed and configured locally.

Overview

The Cloud as we know it is changing. Containers have taken the center stage as the preferred method of developing and deploying software into production. As security practitioners, we must adapt to the latest technologies or be left in the dust.

This technical course will focus on the ins and outs of building a modern cloud infrastructure capable of taking containers from a developer’s laptop to production, in a secure manner.

The hands-on portion of the course will rely heavily on Kubernetes for the deployment and orchestration of Docker containers. Each student will build a sandbox Kubernetes cluster from scratch using Google Container Engine (GKE). At the completion of this course, students will have an operational, version controlled, deployment pipeline capable shipping a container to Kubernetes cluster while performing a number of automated security checks along the way. A basic security monitoring dashboard will also be built to ensure the health of the production application.

All of the principals and tools covered can easily be applied to other cloud providers (AWS, Azure) as well as alternative container orchestration systems (Mesos Marathon, ECS).

Some of the principals and techniques covered in this course will include:

  • DevSecOps Principals
  • Kubernetes and Docker Security Controls
  • Third-Party Security Considerations
  • Identity and Access Management
  • Secure Deployment Pipelines
  • Security Automation
  • Infrastructure as Code
  • Scaling Security Operations
  • Data Security and Encryption
  • Logging, Monitoring, and Alerting
Jimmy Mesta

Jimmy Mesta

Jimmy is an application security leader that has been involved in Information Security for nearly 10 years. He is the chapter leader of OWASP Santa Barbara and co-organizer of the AppSec California security conference. Jimmy has spent time on both the offense and defense side of the industry and is constantly working towards building modern, developer-friendly security solutions. His core focus has been in application and cloud security with an emphasis on secure architecture, automated testing, developer training and defensive techniques.