Zero to Owned in 30 Minutes: Securing Privilege in Cloud, DevOps, and On-Prem Workflows

By Joe Garcia

Elevator Pitch

We’ll look at the environment evolution & share a few war stories/fails. Most importantly, we’ll discuss tips to help reduce attack surface by securing privileged secrets that allow access into Cloud environments plus ones that are used by your orchestration, automation, CI/CD, & the DevOps toolchain.

Description

The world is changing and we’re seeing it everywhere. Gone is the complete reliance on physical data centers and ‘pet’ servers of yesteryear. The new Cloud data center is an app that is run by code, replacing human users. The application delivery pipeline is an app that was once run by organic QA, build, and release engineers and is now run by code, not people. And guess what? Bad guys/gals couldn’t be happier, because you have important stuff in there and assets that attackers crave. Combine that with workstation and data center exploits and you have a huge attack surface. Sprinkle in the fact that there’s now a tool/robot identity for pretty much everything and you’ll see shadow IT increase dramatically and islands of security become standard.

This has to stop, and it can be addressed with a few simple considerations, with or without the use of paid software, while keeping operational efficiency. This session will explore those options.

Notes

Joe Garcia, CISSP - Strategic Solutions Engineer, CyberArk

As a Strategic Solutions Engineer, Joe Garcia has a strong background in DevOps, Cloud and Security and is currently focused on helping customers implement and scale effective secrets management solutions. As CyberArk’s subject-matter expert in DevOps Security, Joe Garcia shares CyberArk’s vision of building a security community that is as agile as the automation they are securing in today’s fast-paced environments. You can typically find him spreading that shared vision at DevOps events, conferences, webinars, podcasts, and anywhere automation is a hot topic. Prior to that, as a CyberArk customer, Joe worked at Raymond James Financial, most recently serving in their Security Operations Center (SOC) focused on Vulnerability and Monitoring, dealing with everything from data automation from the Qualys Cloud all the way down to producing comprehensive compliance metrics for the division. Joe is a CISSP, Six Sigma Yellow Belt, and is a Certified AWS Technical Professional.

Social

Twitter: @Joe_Garcia
LinkedIn: /in/JoeGarciaFL
GitHub: infamousjoeg
KeyBase.io: infamousjoeg

Previous Speaking Engagements & Podcasts:

Application Security Weekly
ITPro.TV Technado Podcast