Before you can help DevOps teams solve security problems and improve their security programs, you need to understand how they think, how they work, and the tools that they use.
Part 3: In a recent Sonatype State of the Supply Chain report, a 750% year-over-year increase in supply chain attacks was observed. In response to the increase in supply chain attacks, an Executive Order led to the development of supply chain security guidance including NIST SP 800-218, also referred to as the Secure Software Development Framework (SSDF). In this webcast, attendees will learn how to develop, distribute, and deploy software safely and with industry-leading security such as Supply-chain Levels for Software Artifacts (SLSA, pronounced "salsa") provenance, Software Bill of Materials (SBOMs), and more.
Explore the rest of the Cloud Flight Simulator Series:
Part 1: GitLab CI, Workflows, and Secrets
www.sans.org/webcasts/cloud-f...
Part 2: Protecting Kubernetes Clusters with Admission
www.sans.org/webcasts/cloud-f...
Part 4: Least Privileged Pods with Kubernetes Workloads
www.sans.org/webcasts/cloud-f...
Learn more about SANS SEC540: Cloud and DevSecOps Automation course at www.sans.org/cyber-security-c...
About the Speaker:
Jon Zeolla is co-founder and CTO at Seiso, where he works with companies to secure their use of cloud native applications and environments, including contributing directly to open-source projects and industry standards on their behalf. In 2021 he was awarded Start-up Innovator of the Year by the Pittsburgh Technology Council. He is heavily involved in the Pittsburgh cybersecurity community in various ways, is an IANS faculty member, and a SANS Associate Instructor for SEC540: Cloud Security and DevSecOps Automation. Learn more about Jon at www.sans.org/profiles/jon-zeo...
SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications.
SANS Cloud Security Curriculum: www.sans.org/cloud-security
GIAC Cloud Security Certifications: www.giac.org/focus-areas/clou...
LinkedIn: / sanscloudsec
Discord: www.sansurl.com/cloud-discord
Twitter: @SANSCloudSec