Organizations are rapidly moving towards microservice-style architectures for their applications. Managing comprehensive security for the continuous delivery of such applications across organizations continues to be a serious bottleneck in the DevOps movement, and implementing effective security practices within delivery pipelines can be challenging.

The talk will begin with a view of Continuous Application Security through Application Security Automation with SAST, DAST and SCA, and will focus on real-world tools and techniques for automating application security tooling in CI/CD pipelines. Traditionally, teams have used CI services like Jenkins to continuously deliver applications, but running CI services like Jenkins on VPCs has its problems, mainly the maintenance overhead and the fact that they are not well suited to container-native workloads and cloud-native deployments. This talk aims to showcase approaches to running DevSecOps pipelines in a cloud- and container-native way, leveraging services like AWS Fargate, Lambda and Step Functions for security orchestration and security workflows. The idea behind this approach is to use ephemeral compute to run CI services instead of persistent services, thereby reducing the overhead, and to use state machines to run more complex security workflows, especially for microservice workloads.

Bio:
Nithin Jois is a Solutions Engineer at we45, a focused Application Security company. He has helped build ‘Orchestron’, a leading Application Vulnerability Correlation and Orchestration Framework, and is experienced in orchestrating containerized deployments securely to production. Nithin and his team have extensively used Docker APIs as a cornerstone of most of the security platforms developed by we45, and he has also helped clients of we45 deploy their applications securely. Nithin is a passionate open source enthusiast and is the co-lead developer of ThreatPlaybook, an open source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single fabric. He has also written multiple libraries that complement ThreatPlaybook. Nithin is an automation junkie who has built scalable scanner integrations that leverage containers to the hilt, and is passionate about security, containers and serverless technology. He speaks at meetup groups, webinars and training sessions. He participates in multiple CTF events and has worked on creating intentionally vulnerable applications for CTF competitions and secure code training.

Nithin was a trainer and speaker at events like AppSecDC-2019, AppSecUS-2018, SHACK-2019, AppSecCali-2019, DefCon-2019, BlackHat USA 2019, AppSecCali-2020 and many more. In his spare time, he loves reading about personal finance, leadership, fitness, cryptocurrency, and other such topics.

Nithin is an avid traveler and loves sharing stories over a cup of hot coffee.
