Shift-Left Security is a hot topic among software developers nowadays. The principle of “shift-left” is simple (think “left” along a timeline). It refers to the rapidly growing trend of security checks and controls moving to earlier in the code development pipeline. A couple of examples would be:
- adding security into the code writing process (for example by adding security plugins to an IDE)
- the code commit process (for example by using automated checks in the pipeline)
Cisco Live is a great opportunity to learn
Those of you familiar with Cisco Live and the DevNet Zone know it’s an amazing place to connect with peers, find pathways through challenges, and learn how-to _ (you fill in the blank)_ . This year you can attend sessions in-person or virtually. And, we have quite a number of sessions on shift-left security for you to consider. Listed below are 2 DevNet classroom sessions and 6 hands-on workshops. The workshops all make use of our new learning lab platform, offering a smooth integrated experience, without the need to install all kinds of requirements on your device.
Cisco Live sessions focusing on shift-left security
Click on the session title below to learn more and to register
I will present this session together with Randy Birdsall, Sr. Director of Product Management with Cisco AppDynamics. We will cover a lot of ground in this session and have many demos for you to see. We will explain how to deploy a cloud-native microservices application in AWS, and add security in different steps of the development pipeline. We will add security before deployment, as well as security that can protect the production environment of the live application. You don’t want to miss this one if you want to get a good overview of what is possible with Cisco to shift your security left! Join me on Thursday, 12:00 PM in the DevNet Theater.
This is a must-see talk by an external speaker from Cycode, Kyle Winters. Kyle has spoken at Cisco Live before and is a Distinguished Speaker. His session is about attacks on the supply-chain. As DevOps moves components into their Supply Chain Management (SCM), new security challenges emerge. Today, an incident in one of the DevOps stages can now compromise the entire pipeline. Attackers no longer have to directly exploit production apps to start an attack because modern SCM contain info to gain access production systems. Check out Kyle’s session on Tuesday at 4:00 PM.
DevNet Zone Workshops:
Brian Sak, Technical Solutions Architect at Cisco, will offer a very cool workshop on real-world API attacks. APIs are now a very common attack vector into these apps and visibility into their use (and misuse) is critical. This DevNet workshop will give you hands-on monitoring API calls within a Kubernetes-deployed, cloud-native application using APIClarity. Wednesday at 11:00 AM.
Staying on the APIClarity train we have another awesome workshop with. Not all applications in the cloud native world have their open API specification available – and this is especially true for legacy and/or external applications. When we try to utilize APIs or assess the risk of these APIs, having the open API specification is an essential and required building block. In this workshop, Zohar Kaufman, Director Engineering, and Alexei Kravtsov, Software Engineering Technical Leader, will introduce APIClarity — a new open source tool that will act as a Wireshark for APIs and, when installed in a Kubernetes environment. Their session is so nice, we will offer it twice! Tuesday at 3:00 PM and Thursday at 10:00 AM.
In a rush? We got you! Oxana Sannikova, Technical Solutions Architect at Cisco, will present a lightning talk (20 minutes) about Cisco Kenna’s risk-based vulnerability management. In this quick session we will demonstrate how Cisco SecureX orchestration and Kenna Security can be leveraged to automate vulnerability management. Check it out. Monday at 10:30 AM.
Is security making your process slow, making things complex, or is it an enabler? In this session, You’ll see how you can build security into your CI/CD pipelines and be fully automated, integrated, and centrally managed. You will learn how to leverage Cisco security solutions like Secure Workload, Cloud Analytics, Secure Firewall Cloud Native and SecureX, to automate, orchestrate your security across the board, and meeting your compliance goals. Packed with demos and interactive hands on labs! Don’t miss this awesome workshop by Barry Yuan, Technical Solutions Architect at Cisco on Tuesday at 2:00 PM
This session will provide an overview of programmability tools and techniques available for Cisco Secure Workload (formerly Tetration). They will dive into use cases gathered from the customers we support to automate common workflows such as health checks and enforcement readiness. This workshop is presented by Furong Gisiger and Gabriel Fontenot, both Software Engineering Technical Leaders at Cisco Systems. Wednesday at 1:00 PM
This session will focus on how Cisco solutions empower DevOps and Security teams to continuously protect their growing Cloud Native deployments from threats and vulnerabilities. And do it across images, containers, runtime deployments and Kubernetes infrastructure. This workshop is offered by Asifiqbal Pathan and Arvind Kumar, both Principal Architects at Cisco. Tuesday at 4:00 PM.
Enough content to look forward to? I am pretty sure you can fill your day quite well with all of these awesome Shift-Left security sessions. I am very much looking forward to this first in-person Cisco Live in a few years. Please join me in exploring the DevNet Zone until we have packed our brains with fresh new information.
To learn more about Cisco security solutions:
Sign up for the DevNet Zone Cisco Live Email News and be the first to know about special sessions and surprises whether you are attending in person or will engage with us online.
We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!