Reto Kaeser

You can’t hack what you can’t see

The 'castle and moat' is a myth. With 80% of traffic moving laterally, your biggest threat is already inside your perimeter.

You can’t hack what you can’t see
#1about 3 minutes

The cultural shift from DevOps to DevSecOps

DevOps succeeded by fostering a culture of shared responsibility, and now security must be integrated to break down the final silo.

#2about 8 minutes

Integrating security into requirements and design phases

Proactively address security by defining abuse cases during requirements and classifying or anonymizing data during the design phase.

#3about 5 minutes

Hardening the CI/CD pipeline with automated security tools

Shift security left by integrating automated vulnerability management for dependencies and continuous penetration testing into the CI/CD process.

#4about 3 minutes

Why traditional firewalls fail against internal east-west traffic

Most network traffic occurs internally between services (east-west), bypassing perimeter firewalls and exposing a soft interior to application-level attacks.

#5about 3 minutes

Moving from perimeter defense to workload microsegmentation

Protect against internal threats by decoupling security from the network and applying logical firewalls directly to each workload through microsegmentation.

#6about 4 minutes

Applying Zero Trust principles with security as code

Implement a Zero Trust model by having developers define workload communication intentions as code, which automatically generates and enforces security policies.

#7about 2 minutes

The benefits of a modern workload-centric security architecture

Adopting a Zero Trust, workload-centric model provides benefits like increased agility, complete application-level visibility, automated compliance, and real-time forensics.

#8about 1 minute

A developer's responsibility to build secure software

Developers must take ownership of security by adopting a paranoid mindset to build more resilient software in an increasingly dangerous cloud environment.

Related jobs
Jobs that call for the skills explored in this talk.

test

Milly
Vienna, Austria

Intermediate

test

Milly
Vienna, Austria

Intermediate

Matching moments

Cybersecurity is a foundational necessity not a passing trend
01:58 MIN

Cybersecurity is a foundational necessity not a passing trend

Decoding Trends: Strategies for Success in the Evolving Digital Domain

Shifting security left with collaborative threat modeling
24:17 MIN

Shifting security left with collaborative threat modeling

We adopted DevOps and are Cloud-native, Now What?

The expanding role of developers in security
00:45 MIN

The expanding role of developers in security

Vulnerable VS Code extensions are now at your front door

Common attack vectors and the zero trust principle
11:24 MIN

Common attack vectors and the zero trust principle

Walking into the era of Supply Chain Risks

Why developers make basic cybersecurity mistakes
00:28 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

The modern DevSecOps approach to application security
42:21 MIN

The modern DevSecOps approach to application security

Maturity assessment for technicians or how I learned to love OWASP SAMM

The expanding security responsibilities of developers
00:46 MIN

The expanding security responsibilities of developers

Vue3 practical development

How to shift left with a security champions program
1:23:29 MIN

How to shift left with a security champions program

Stranger Danger: Your Java Attack Surface Just Got Bigger

Featured Partners

Related Videos

See all videos
DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Why Security-First Development Helps You Ship Better Software Faster22:18

Why Security-First Development Helps You Ship Better Software Faster

Michael Wildpaner

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Simple Steps to Kill DevSec without Giving Up on Security21:53

Simple Steps to Kill DevSec without Giving Up on Security

Isaac Evans

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 134 - Where pixels sing?
News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
Dev Digest 134 - Where pixels sing?
CH
Chris Heilmann
Dev Digest 110 - XY marks the spotty security
This time we give you a collection of links about the XZ backdoor, solve the last CODE100 puzzle, announce the next round of it, let you play with colours and explain why Lava lamps are great to keep the web secure.News and ArticlesThe big piece of n...
Dev Digest 110 - XY marks the spotty security

From learning to earning

Jobs that call for the skills explored in this talk.

DevSecOps

DevSecOps

Devsecops

40-60K
DevOps
Docker
Jenkins
Openshift
+3