February 1-2, 2023 | Seattle, WA
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -8. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Thursday, February 2 • 3:50pm - 4:25pm
Security That Enables: Breaking Down Security Silos in the DevOps Ecosystem - Saurabh Wadhwa, Uptycs

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This talk addresses two core themes: First, the rise in attackers targeting developers and container image repositories to access pre-production resources. Second, good security should enable DevOps teams to better perform their role, secure builds, and remove the stigma that security = roadblocks. First, we break down how traditional CI/CD workflows are siloed from a security tooling perspective. Siloed security tools create gaps when developer ecosystems are targeted, as it’s difficult to trace attackers across environments. Monitoring a developer’s laptop may be completely isolated from the security data from registry scanning, which in turn may be completely isolated from monitoring runtime services. Second, a walkthrough breaking down the step-by-step flow of the recent Dropbox breach where attackers targeted developers and ultimately stole 130 GitHub repositories. This will be a deep dive into how the attackers targeted developers by impersonating CircleCI, with the ultimate goal of stealing GitHub repos and accessing backend infrastructure. And third, we end with a more positive look at how the right security controls (zero-trust access and registry scanning) in the CI/CD process enable developer teams to better perform their roles and more confidently deploy builds.

avatar for Saurabh Wadhwa

Saurabh Wadhwa

Senior Solutions Engineer, Uptycs
Saurabh is a Senior Solutions Engineer at Uptycs focusing on securing cloud and container workloads. Saurabh has been passionate about working in the cybersecurity industry for the last 11+ years having worked in the UEBA, SIEM, Threat Intelligence, XDR, and CSPM spaces. He graduated... Read More →

Thursday February 2, 2023 3:50pm - 4:25pm PST
Room 606/607
  Supply Chains
  • Content Experience Level Any