Reto Kaeser

You can’t hack what you can’t see

The 'castle and moat' is a myth. With 80% of traffic moving laterally, your biggest threat is already inside your perimeter.

You can’t hack what you can’t see
#1about 3 minutes

The cultural shift from DevOps to DevSecOps

DevOps succeeded by fostering a culture of shared responsibility, and now security must be integrated to break down the final silo.

#2about 8 minutes

Integrating security into requirements and design phases

Proactively address security by defining abuse cases during requirements and classifying or anonymizing data during the design phase.

#3about 5 minutes

Hardening the CI/CD pipeline with automated security tools

Shift security left by integrating automated vulnerability management for dependencies and continuous penetration testing into the CI/CD process.

#4about 3 minutes

Why traditional firewalls fail against internal east-west traffic

Most network traffic occurs internally between services (east-west), bypassing perimeter firewalls and exposing a soft interior to application-level attacks.

#5about 3 minutes

Moving from perimeter defense to workload microsegmentation

Protect against internal threats by decoupling security from the network and applying logical firewalls directly to each workload through microsegmentation.

#6about 4 minutes

Applying Zero Trust principles with security as code

Implement a Zero Trust model by having developers define workload communication intentions as code, which automatically generates and enforces security policies.

#7about 2 minutes

The benefits of a modern workload-centric security architecture

Adopting a Zero Trust, workload-centric model provides benefits like increased agility, complete application-level visibility, automated compliance, and real-time forensics.

#8about 1 minute

A developer's responsibility to build secure software

Developers must take ownership of security by adopting a paranoid mindset to build more resilient software in an increasingly dangerous cloud environment.

Related jobs
Jobs that call for the skills explored in this talk.

Remote

Name of

Name of

Remote
Intermediate
PHP
Java
+1

Matching moments

Cybersecurity is a foundational necessity not a passing trend
05:49 MIN

Cybersecurity is a foundational necessity not a passing trend

Decoding Trends: Strategies for Success in the Evolving Digital Domain

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Shifting security left with collaborative threat modeling
03:08 MIN

Shifting security left with collaborative threat modeling

We adopted DevOps and are Cloud-native, Now What?

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The expanding role of developers in security
04:48 MIN

The expanding role of developers in security

Vulnerable VS Code extensions are now at your front door

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Common attack vectors and the zero trust principle
03:50 MIN

Common attack vectors and the zero trust principle

Walking into the era of Supply Chain Risks

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The modern DevSecOps approach to application security
04:29 MIN

The modern DevSecOps approach to application security

Maturity assessment for technicians or how I learned to love OWASP SAMM

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The expanding security responsibilities of developers
04:00 MIN

The expanding security responsibilities of developers

Vue3 practical development

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Why developers make basic cybersecurity mistakes
02:26 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Key takeaways on IDE and developer tool security
02:28 MIN

Key takeaways on IDE and developer tool security

You click, you lose: a practical look at VSCode's security

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.

Featured Partners

Related Videos

See all videos
DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Getting under the skin: The Social Engineering techniques43:56

Getting under the skin: The Social Engineering techniques

Mauro Verderosa

Cyber Security: Small, and Large!37:32

Cyber Security: Small, and Large!

Martin Schmiedecker

Maturity assessment for technicians or how I learned to love OWASP SAMM1:41:05

Maturity assessment for technicians or how I learned to love OWASP SAMM

Mathias Tausig

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 134 - Where pixels sing?
News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
Dev Digest 134 - Where pixels sing?
CH
Chris Heilmann
Dev Digest 110 - XY marks the spotty security
This time we give you a collection of links about the XZ backdoor, solve the last CODE100 puzzle, announce the next round of it, let you play with colours and explain why Lava lamps are great to keep the web secure.News and ArticlesThe big piece of n...
Dev Digest 110 - XY marks the spotty security
Dev Digest 113 - Debugging above the cloud
Hello there and welcome to Dev Digest 113! This time, we got an old friend in the sky back, jQuery asks us to upgrade and AI is eating the web. Also, are you sure the LLM you use is secure against code injection?News and ArticlesGood news everyone! N...
Dev Digest 113 - Debugging above the cloud

From learning to earning

Jobs that call for the skills explored in this talk.