DSC Germany

DevSecOps Afterwork Hamburg: OWASP DSOMM, Road to BaFin, Sec-Savvy Culture

with Mathias Conradt, Timo Pagel, Juri Jäger, Eike Lurz

Description:

DevSecCon Germany hosted its first real-life meetup in 2023, right in the city center of Hamburg. Thanks to Sport Alliance for hosting the event!

We have 3 amazing talks and speakers lined up.

1. OWASP DevSecOps Maturity Model (DSOMM) – Timo Pagel
2. Case Study: Sport Alliance – Security-savvy Culture & The Road to BaFin
3. State of Open Source Security – Mathias Conradt

## DSOMM – The DevSecOps Maturity Model
Speaker: Timo Pagel, DevSecOps Consultant & OWASP Project Lead

From startups to multinational corporations, the software development industry is currently dominated by agile frameworks and product teams, often as part of DevOps strategies. It has been observed that security aspects are usually neglected during implementation, or at least not sufficiently taken into account. Standard security requirements of the production environment are often not applied to the build pipeline in the continuous integration environment, with containerization in general or Docker in particular. As a result, the Docker registry is often not secured, which might result in the theft of the entire company’s source code.

The DevSecOps Maturity Model, which is presented in the talk, shows security measures that are applied when using DevOps strategies and how these can be prioritized. DevOps strategies can also be used to enhance security. For example, each component, such as application libraries and operating system libraries in Docker images, can be tested for known vulnerabilities. Attackers are intelligent and creative, equipped with new technologies and purposes. Under the guidance of the forward-looking DevSecOps Maturity Model, appropriate principles and measures are at hand which counteract these attacks.

## Case Study: Sport Alliance
The Road to BaFin & Security-Savvy Culture
Speakers:
Juri Jäger, Lead DevOps Engineer at Sport Alliance
Eike Lurz, DevSecOps Engineer at Finion Capital

Sport Alliance is taking sport and fitness training to a new level with a digital transformation worldwide. As the market leader in Germany, we specialize in solutions encompassing cloud-based gym management software, membership acquisition, financial services, and eCommerce.
Our Security-Savvy Culture (cloud security, defense in depth, zero trust security etc.)
Running a stable infrastructure in the cloud while adhering to the highest quality standards is our bread and butter; sticking to security best practices is no exception. Let us show you how we have incorporated a solid security concept built on Defense in Depth principles and the Zero Trust security model.

The Road to BaFin (and security-related challenges)

## The State of Open Source Security – Addressing Cybersecurity Challenges in Open Source Software
Speaker: Mathias Conradt, Staff Solutions Engineer at Snyk

This talk will give insights into the current state of open source software security and methods to address and improve your cybersecurity posture. Open source security becomes a greater challenge as the software supply chain grows in complexity.
The State of Open Source report, on which the insights will be based, is a partnership between Snyk and the Linux Foundation, with support from OpenSSF, the Cloud Native Security Foundation, the Continuous Delivery Foundation, and the Eclipse Foundation. It is based on a survey of over 550 respondents in 2022 and data from Snyk’s Open Source solution.

Join the Community!

If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity

Mathias Conradt

Staff Solutions Engineer at Snyk

About Mathias Conradt

Mathias comes with more than two decades of experience in software engineering and project management, with a strong focus on open source technologies. He was a visiting professor on Android development at the University of St. Joseph, Macau/China and ran his own software development company with offices in Germany, Hong Kong and the US for more than 15 years before switching to the vendor side and moving into the cybersecurity space. After focusing on Identity & Access Management at Auth0, he is now a Staff Solutions Engineer at Snyk with focus on application and cloud security.

Timo Pagel

DevSecOps Consultant & OWASP Project Lead

About Timo Pagel

After a career as a system administrator and web developer, he advises customers as a DevSecOps consultant and trainer. His focus is on security test automation for software and infrastructure and assessment of complex applications in the cloud.

Juri Jäger

Lead DevOps Engineer at Sport Alliance

About Juri Jäger

I am a passionate IT guy who is always eager to learn something new, contribute to the company’s success, and take on any challenge. To me, success is not only about selling products and services but also combining a business agenda with the needs of every colleague by enabling them to partake actively and reach their individual goals. Let’s build a strong team and move mountains together!
