Reto Kaeser

You can’t hack what you can’t see

The 'castle and moat' is a myth. With 80% of traffic moving laterally, your biggest threat is already inside your perimeter.

You can’t hack what you can’t see
#1about 3 minutes

The cultural shift from DevOps to DevSecOps

DevOps succeeded by fostering a culture of shared responsibility, and now security must be integrated to break down the final silo.

#2about 8 minutes

Integrating security into requirements and design phases

Proactively address security by defining abuse cases during requirements and classifying or anonymizing data during the design phase.

#3about 5 minutes

Hardening the CI/CD pipeline with automated security tools

Shift security left by integrating automated vulnerability management for dependencies and continuous penetration testing into the CI/CD process.

#4about 3 minutes

Why traditional firewalls fail against internal east-west traffic

Most network traffic occurs internally between services (east-west), bypassing perimeter firewalls and exposing a soft interior to application-level attacks.

#5about 3 minutes

Moving from perimeter defense to workload microsegmentation

Protect against internal threats by decoupling security from the network and applying logical firewalls directly to each workload through microsegmentation.

#6about 4 minutes

Applying Zero Trust principles with security as code

Implement a Zero Trust model by having developers define workload communication intentions as code, which automatically generates and enforces security policies.

#7about 2 minutes

The benefits of a modern workload-centric security architecture

Adopting a Zero Trust, workload-centric model provides benefits like increased agility, complete application-level visibility, automated compliance, and real-time forensics.

#8about 1 minute

A developer's responsibility to build secure software

Developers must take ownership of security by adopting a paranoid mindset to build more resilient software in an increasingly dangerous cloud environment.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Cybersecurity is a foundational necessity not a passing trend
05:49 MIN

Cybersecurity is a foundational necessity not a passing trend

Decoding Trends: Strategies for Success in the Evolving Digital Domain

The expanding role of developers in security
04:48 MIN

The expanding role of developers in security

Vulnerable VS Code extensions are now at your front door

Shifting security left with collaborative threat modeling
03:08 MIN

Shifting security left with collaborative threat modeling

We adopted DevOps and are Cloud-native, Now What?

Common attack vectors and the zero trust principle
03:50 MIN

Common attack vectors and the zero trust principle

Walking into the era of Supply Chain Risks

The expanding security responsibilities of developers
04:00 MIN

The expanding security responsibilities of developers

Vue3 practical development

Why developers make basic cybersecurity mistakes
02:26 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

The modern DevSecOps approach to application security
04:29 MIN

The modern DevSecOps approach to application security

Maturity assessment for technicians or how I learned to love OWASP SAMM

How to shift left with a security champions program
08:08 MIN

How to shift left with a security champions program

Stranger Danger: Your Java Attack Surface Just Got Bigger

Featured Partners

Related Videos

See all videos
DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Getting under the skin: The Social Engineering techniques43:56

Getting under the skin: The Social Engineering techniques

Mauro Verderosa

Cyber Security: Small, and Large!37:32

Cyber Security: Small, and Large!

Martin Schmiedecker

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
Inside last week’s Dev Digest 214 . 🕵️ Claude source code leaked, analysed and re-written in 2 days 🐙 GitHub auto-opts users into feeding their code to train their AI 🌐 Pretext shows how to show complex text rendering in the browser 🤖 How to securin...
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
DC
Daniel Cranney
The Overflow: 5 Security and Privacy Tools for Developers
We’re back again with another edition of the Overflow, where we share some of the best tools we’ve found from around the web that we just couldn’t cram into the already jam-packed editions of the Dev Digest. So let’s take a look at five security and ...
The Overflow: 5 Security and Privacy Tools for Developers
CS
Christina Schaireiter
Why Attend a Developer Event?
Modern software engineering moves too fast for documentation alone. Attending a world-class event is about shifting from tactical execution to strategic leadership. Skill Diversification: Break out of your specific tech stack to see how the industry...
Why Attend a Developer Event?

From learning to earning

Jobs that call for the skills explored in this talk.