Reto Kaeser

You can’t hack what you can’t see

The 'castle and moat' is a myth. With 80% of traffic moving laterally, your biggest threat is already inside your perimeter.

You can’t hack what you can’t see
#1about 3 minutes

The cultural shift from DevOps to DevSecOps

DevOps succeeded by fostering a culture of shared responsibility, and now security must be integrated to break down the final silo.

#2about 8 minutes

Integrating security into requirements and design phases

Proactively address security by defining abuse cases during requirements and classifying or anonymizing data during the design phase.

#3about 5 minutes

Hardening the CI/CD pipeline with automated security tools

Shift security left by integrating automated vulnerability management for dependencies and continuous penetration testing into the CI/CD process.

#4about 3 minutes

Why traditional firewalls fail against internal east-west traffic

Most network traffic occurs internally between services (east-west), bypassing perimeter firewalls and exposing a soft interior to application-level attacks.

#5about 3 minutes

Moving from perimeter defense to workload microsegmentation

Protect against internal threats by decoupling security from the network and applying logical firewalls directly to each workload through microsegmentation.

#6about 4 minutes

Applying Zero Trust principles with security as code

Implement a Zero Trust model by having developers define workload communication intentions as code, which automatically generates and enforces security policies.

#7about 2 minutes

The benefits of a modern workload-centric security architecture

Adopting a Zero Trust, workload-centric model provides benefits like increased agility, complete application-level visibility, automated compliance, and real-time forensics.

#8about 1 minute

A developer's responsibility to build secure software

Developers must take ownership of security by adopting a paranoid mindset to build more resilient software in an increasingly dangerous cloud environment.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Building trust through honest developer advocacy
02:48 MIN

Building trust through honest developer advocacy

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Rapid-fire thoughts on the future of work
02:44 MIN

Rapid-fire thoughts on the future of work

What 2025 Taught Us: A Year-End Special with Hung Lee

Shifting from talent acquisition to talent architecture
03:28 MIN

Shifting from talent acquisition to talent architecture

The Future of HR Lies in AND – Not in OR

Proactively managing the risks of employee personal branding
03:14 MIN

Proactively managing the risks of employee personal branding

Leveraging Leaders’ Voices: The Business Power of Personal Branding

Breaking down silos between HR, tech, and business
03:39 MIN

Breaking down silos between HR, tech, and business

What 2025 Taught Us: A Year-End Special with Hung Lee

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Featured Partners

Related Videos

See all videos
Simple Steps to Kill DevSec without Giving Up on Security21:53

Simple Steps to Kill DevSec without Giving Up on Security

Isaac Evans

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Why Security-First Development Helps You Ship Better Software Faster22:18

Why Security-First Development Helps You Ship Better Software Faster

Michael Wildpaner

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?27:36

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

Tino Sokic

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Related Articles

View all articles

From learning to earning

Jobs that call for the skills explored in this talk.