Strange Loop

Automating Cloud Security and Incident Response (DevSecOps)

A common solution to cloud security is the gate keeper model. Old school security teams think they can prevent breaches by locking down the network and having all requests funnel through a ticket system. This model has the opposite effect and makes your cloud less secure. Solutions need to be implemented for each service and there is a lack of consistency. It also adds enough friction, so teams tend to skip it. In this talk we will discuss creating a security framework for your enterprise. It takes principles of automation from DevOps and applies it to security. A couple examples of this are creating cloud users through code so they all have the same password policy and access rules or using serverless to monitor for misbehaving vms.

Jearvon Dharrie

Jearvon Dharrie


Developer at comcast