Avatar

Shift-Left Security is a hot topic among software developers nowadays. The principle of “shift-left” is simple (think “left” along a timeline). It refers to the rapidly growing trend of security checks and controls moving to earlier in the code development pipeline. A couple of examples would be:

  • adding security into the code writing process (for example by adding security plugins to an IDE)
  • the code commit process (for example by using automated checks in the pipeline)

Cisco Live is a great opportunity to learn

Those of you familiar with Cisco Live and the DevNet Zone know it’s an amazing place to connect with peers, find pathways through challenges, and learn how-to _ (you fill in the blank)_ .  This year you can attend sessions in-person or virtually. And, we have quite a number of  sessions on shift-left security for you to consider.  Listed below are 2 DevNet classroom sessions and 6 hands-on  workshops. The workshops all make use of our new learning lab platform, offering a smooth integrated experience, without the need to install all kinds of requirements on your device.

Cisco Live sessions focusing on shift-left security

Click on the session title below to learn more and to register 

AppSec for a k8s and Other Cloud Native Worlds  –  DEVNET-3330

I will present this session together with Randy Birdsall, Sr. Director of Product Management with Cisco AppDynamics. We will cover a lot of ground in this session and have many demos for you to see. We will explain how to deploy a cloud-native microservices application in AWS, and add security in different steps of the development pipeline. We will add security before deployment, as well as security that can protect the production environment of the live application. You don’t want to miss this one if you want to get a good overview of what is possible with Cisco to shift your security left! Join me on Thursday, 12:00 PM in the DevNet Theater.

Software Supply Chain Attacks and How to Secure Your DevOps Pipeline  –  DEVNET-2470

This is a must-see talk by an external speaker from Cycode, Kyle Winters. Kyle has spoken at Cisco Live before and is a Distinguished Speaker. His session is about attacks on the supply-chain. As DevOps moves components into their Supply Chain Management (SCM), new security challenges emerge. Today, an incident in one of the DevOps stages can now compromise the entire pipeline. Attackers no longer have to directly exploit production apps to start an attack because modern SCM contain info to gain access production systems. Check out Kyle’s session on Tuesday at 4:00 PM.

DevNet Zone Workshops:

Real-world API Attacks, and How to Protect Your Cloud-native Apps – DEVWKS-2919   

Brian Sak, Technical Solutions Architect at Cisco, will offer a very cool workshop on real-world API attacks. APIs are now a very common attack vector into these apps and visibility into their use (and misuse) is critical. This DevNet workshop will give you hands-on monitoring API calls within a Kubernetes-deployed, cloud-native application using APIClarity. Wednesday at 11:00 AM.  

Introduction to APIClarity – A Wireshark for APIs – DEVWKS-2285

Staying on the APIClarity train we have another awesome workshop with. Not all applications in the cloud native world have their open API specification available – and this is especially true for legacy and/or external applications. When we try to utilize APIs or assess the risk of these APIs, having the open API specification is an essential and required building block. In this workshop, Zohar Kaufman, Director Engineering, and Alexei Kravtsov, Software Engineering Technical Leader, will introduce APIClarity — a new open source tool that will act as a Wireshark for APIs and, when installed in a Kubernetes environment. Their session is so nice, we will offer it twice!  Tuesday at 3:00 PM and Thursday at 10:00 AM.

Automating Cyber Hygiene Operations with SecureX and Kenna Security – DEVLIT-1355

In a rush? We got you! Oxana Sannikova, Technical Solutions Architect at Cisco, will present a lightning talk (20 minutes) about Cisco Kenna’s risk-based vulnerability management. In this quick session we will demonstrate how Cisco SecureX orchestration and Kenna Security can be leveraged to automate vulnerability management. Check it out. Monday at 10:30 AM.

Security at the Speed of Cloud – Security as Code – DEVWKS-2255

Is security making your process slow, making things complex, or is it an enabler? In this session, You’ll see how you can build security into your CI/CD pipelines and be fully automated, integrated, and centrally managed. You will learn how to leverage Cisco security solutions like Secure Workload, Cloud Analytics, Secure Firewall Cloud Native and SecureX, to automate, orchestrate your security across the board, and meeting your compliance goals. Packed with demos and interactive hands on labs! Don’t miss this awesome workshop by Barry Yuan, Technical Solutions Architect at Cisco on Tuesday at 2:00 PM

Exploring Cisco Secure Workload (formerly Tetration) Programmability with Real-world Use Cases – DEVWKS-2160

This session will provide an overview of programmability tools and techniques available for Cisco Secure Workload (formerly Tetration). They will dive into use cases gathered from the customers we support to automate common workflows such as health checks and enforcement readiness. This workshop is presented by Furong Gisiger and Gabriel Fontenot, both Software Engineering Technical Leaders at Cisco Systems. Wednesday at 1:00 PM

Mitigate risks and secure your cloud-native applications – DEVWKS-2305

This session will focus on how Cisco solutions empower DevOps and Security teams to continuously protect their growing Cloud Native deployments from threats and vulnerabilities. And do it across images, containers, runtime deployments and Kubernetes infrastructure. This workshop is offered by Asifiqbal Pathan and Arvind Kumar, both Principal Architects at Cisco. Tuesday at 4:00 PM.

Wrap-Up

Enough content to look forward to? I am pretty sure you can fill your day quite well with all of these awesome Shift-Left security sessions. I am very much looking forward to this first in-person Cisco Live in a few years. Please join me in exploring the DevNet Zone until we have packed our brains with fresh new information.

To learn more about Cisco security solutions:


Las Vegas
Join our daily livestream from the DevNet Zone during Cisco Live!

Stay Informed!
Sign up for the DevNet Zone Cisco Live Email News and be the first to know about special sessions and surprises whether you are attending in person or will engage with us online.

We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!

LinkedIn | Twitter @CiscoDevNet | Facebook | YouTube Channel



Authors

Christopher Van Der Made

Product Management Leader

Cisco XDR