May Meeting – Continuous Opportunity: DevOps & Security (Eric Johnson)

Edit: Thanks for Eric for his presentation last night! Slides are available here:
I’m excited to announce Eric Johnson (@cddsecurity), appsec expert extraordinaire and SANS instructor and leader, will be presenting for our May meeting. See details below!
Please RSVP here by May 13. 
Topic: Continuous Opportunity: DevOps & Security
Speaker: Eric Johnson, Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS
Date: Wednesday, May 18th
Time: 6-7pm (doors open at 5:30)
Where: Workiva (2900 University Blvd, Ames) – see below
As always, if your organization is up for sponsoring food, let me know!
With DevOps practices spreading throughout many organizations, development and operations teams are creating tools and gathering ongoing data to deliver features to end users at an ever-increasing rate. This can be an immense challenge when the security team is left out of the loop, and an even bigger opportunity when security can bring actionable ideas to the table.
We will explore some concrete ways that security teams can gain visibility into a rapidly changing environment by adding value to the pipelines which power the DevOps practice. Attendees will leave with some approaches to incorporate security into the DevOps pipeline, starting with small, simple steps that provide insight into the flow of features from “idea” to “delivered”.
Eric Johnson is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. His experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. He is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. Eric serves on the advisory board for the SANS Securing the Human Developer awareness training program and is a contributing author for the developer security awareness modules.  Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.
Please park in either rear parking lot (P1 Parking, below) and make your way along the sidewalks behind the building to the big glass Atrium!
Upcoming Meeting Dates (Let me know if you’re interested in presenting, hosting, or sponsoring food!):
  • May 18
  • Aug 17
  • Nov 16