Bristol Meetups

#50 Simon Minton - DevSecOps / Jan Grant & Matt Gilliard - Serverless Functions

// SIMON MINTON - DevSecOps: threat modelling and continuous assurance

Basically I want to give some background info on threat modelling - where it's come from and why it's gaining traction - and give an example to demonstrate why it's so useful. Then I will segue into talking about the need to adopt continuous assurance into development practices.

Threat modelling provides a great starting point to collaborate with peers on the attack vectors of an application; continuous assurance means that each stakeholder (from dev to product owner, to DBA) can track / remediate potential issues within the build over time.

From conversations with a number of tech companies that we're talking to, it seems that they're starting to get pummelled by requests from their integration partners (particularly API integrations) or their customers for more assurance around their development process and software composition. They have to provide point-in-time auditing of their processes - even in some cases their CTO has to spend half a day with a customer to provide an explanation of how their processes and software are secure.

They are looking for an automated approach to demonstrating the health of their systems, which can be either given as a report upon request, or as a 'feed' to customers/partners.

// About Simon
15 years in Cyber Security spent trying to patch holes, detect breaches and educate key stakeholders have taught Simon one thing: it's much better to build software securely by design than to try to fix it once it's in production.

Simon is an evangelist for the 'DevSecOps' movement, where security becomes an intrinsic part of the software development process.

In this world, developers collaborate with their peers to build software that is secure by design, automation minimises mistakes and ensures compliance, and the business can actually quantify and manage risk.

There are some inspirational people in the DevSecOps world, and Simon spends a fair bit of time travelling the globe to go meet them. He regularly organises cyber meetups and events, and generally tries to spread the word.

Simon studied Economics in the UK and Amsterdam, got the travelling bug, founded a few startups in some great cities across the world, and now resides back in the UK.

He is co-founder of RUGGD, a DevSecOps software platform which helps developers design and build secure software.

// JAN GRANT & MATTHEW GILLIARD - Serverless functions with Fn
We’ll talk about the open-source Fn project and some of the challenges involved in turning that into a multi-tenant service. In particular, we’ll examine multi-tenant workload isolation; looking at how we can share as much of the data-plane as possible, whilst keeping customers’ workloads from interfering with each other.

// About Jan
I work as part of the team building the Fn project (https://github.com/fnproject/fn) into a service. Prior to joining Oracle I worked (with Matt!) on OpenStack; I seem to have had one foot in each of the “dev” and “ops” camps for most of my career.

// About Matt
TBC