DEVOPS

4 DevSecOps Sessions at .conf22 You Do Not Want To Miss

Ready to learn, share, and network?

Splunk .conf22 is right around the corner! If you're like me, you're excited to get out and learn, share, and network with others. Be ready to innovate and participate either in Las Vegas or Virtual, so you can maximize your results.

Why Focus On DevSecOps

For the last decade, digital transformations and data have proven to drive results for organizations, and now a need for DevSecOps provides insights across everything to enable you to do more…sometimes insights you have never had before.

The 4 DevSecOps Sessions

Below are four key sessions focusing on DevSecOps, so as to enable you to quickly find what you need. (Participate live, or check out the on-demand, so you can learn and share.)

Session 1

SEC1383A - DevSecOps Delivers Results! [More Than the Latest Buzzword...Only From Splunk]

This is the beginning of a new solution that is being delivered by Splunk with input from key strategic relationships (partners, customers, analysts and Splunkers). The "DevSecOps" buzzword was pushed to the top as a way to address business challenges, but we're focusing on results and outcomes with Splunk as the platform. This panel of peers/SMEs will demonstrate the organizational challenges and the growing number of threats that are faced by a variety of organizations within DevOps and SecOps, how they come together and how Splunk as your data analytics platform enables DevSecOps. Join us as we show you how to maximize your investment and partnership with Splunk at the intersection of DevOps and SecOps…DevSecOps.

Matt David, Director, Accenture
David Rutstein, Principal Cybersecurity Analyst, GE Digital
Todd DeCapua, Director, Solution Innovation Engineering [IT/O11y], Splunk
Courtney Wright, Sr. Product Marketing Manager, Platform, Splunk
Paul Pelletier, Director, Security Field Solutions, Splunk

 

Session 2

SEC1339C - Delivering Delight: How Pipeline Analytics Reveals and Enables Successful DevSecOps Teams

DevSecOps is complicated, but at its root, the goal is to deliver business-enabling/user delighting services and applications quickly and securely. To do this, those services and apps need to work, perform well, are always available and secure. How are functional, performance, reliability, and security issues in your development pipelines handled? Often they are triaged and owned by separate silos and tools. Still, teams can harness the centralized visibility to make better-informed decisions and release higher quality, more reliable, and secure applications by centralizing data across your pipeline. We'll cover what some of those data sources are, how to collect and report them, and help show the future of DevSecOps collaboration!

Doug Erkkila, Solution Innovation Engineer, Splunk
Jeremy Hicks, Senior Observability Field Solution Engineer, Splunk

Session 3

OBS1648C - DevSecOps: Why You Should Care and How To Get Started

In this presentation, we will review where, how, and why traditional approaches to information security can break down when moving at the speed of DevOps. Next, we will talk about what people mean by DevSecOps and deep dive into the different aspects of DevSecOps, and how they cover the entire development lifecycle from planning through releasing and monitoring. We will discuss the benefits of adopting DevSecOps processes and how security and observability come together inside of DevSecOps. Finally, we will outline a plan for organizations to adopt a “crawl-walk-run” approach to DevSecOps.

Billy Hoffman, Sr. Principal Engineer, Splunk

Session 4

SEC1198C- DevSecOps - Detecting Suspicious GitHub Behavior With Risk Based Alerting and Enterprise Security

The list of software compromised through supply chain attacks is long: Solarwinds Orion, Mimecast, Kaseya and many more. These attacks compromised the source code repositories to distribute malware to the users. This talk will focus on detecting suspicious GitHub behavior to discover attacks on GitHub repositories. We are excited to talk about different attack patterns on GitHub, share best practices for onboarding of GitHub data and how to detect them with risk-based alerting (RBA). An end-to-end demo will explain everything you need to know to start detecting attacks on your GitHub projects.

Patrick Bareiss, Principal Threat Research Engineer, Splunk
Mauricio Velazco, Principal Threat Research Engineer, Splunk

Closing Thoughts

Gaining these insights from across all of your varied sources and systems, enables you to compete and win for your organization and customers like never before.

Leveraging all of your existing data, regardless of where (Development, Security, or Operations; or all 3, and more) or how it comes into your data platform is critical now.

Then leveraging Correlations, Data Models, Artificial Intelligence, Machine Learning, Automated Playbooks and a lot more…drives the value and acceleration to a new level, so as to mitigate and avoid outages and downtime while you compete in this modern age of data to achieve results.


Follow all the conversations coming out of #splunkconf22!

Todd DeCapua
Posted by

Todd DeCapua

Todd DeCapua is a passionate software executive, technology evangelist and business leader with extensive hands-on expertise.


Throughout his career, he has held various leadership and strategic roles in organizations like: Splunk, JPMorgan Chase & Co., CSC, Hewlett Packard, Shunra Software, TechBeacon.com, Vivit Worldwide, Apposite Technologies, TEDx Wilmington, ING Direct, Andersen Consulting, and more.


He is also an author and contributor, well known speaker / evangelist, and co-author of the O’Reilly published book titled, “Effective Performance Engineering” and “Blockchain for the Enterprise” and now completing a book on ‘Data’ with Manning Publications.