Speaker

Gurpreet Sachdeva

Assistant Vice President - Technology, Altran

Bio

Gurpreet Sachdeva is a Technology Executive with 22 years of experience working on some of the most challenging technologies related to Communication Software, DevOps, Cloud Computing and Cybersecurity. Gurpreet did his B. Tech (C.S.) from NIT, Kurukshetra and M.S. (Software Systems) from BITS, Pilani. He is currently working as Assistant Vice President – Technology with Altran, Gurgaon. A keen Java enthusiast, he has worked in Java EE Technology with almost every major application platform, ranging from Tomcat to JBoss, Oracle Application Server and WebLogic. Gurpreet is an invited speaker at prestigious conferences like Oracle – Java One, Great India Developer Summit and Open Source India. He is a co-founder of Delhi – NCR – Java User Group and blogs at www.thistechnologylife.com.

Gurpreet has authored a book on Elastic Stack titled "Practical Elastic Stack" http://amzn.to/2hAw0LX

In collaboration with Packt publishers, Gurpreet has come out with a video course titled "Practical DevOps Security". https://bit.ly/2CIB2jv

Session Title

Keeping Software Secure in Agile

Session Overview

Cyber crime in its various forms is expected to cost the world more than US$6 trillion per year by 2021. Nearly 1 million viruses and pieces of malware are created daily. With increased usage of open source and third-party components, it becomes challenging to ensure these externally developed components do not introduce security vulnerabilities into the final product. While adoption of Agile practices leads to continuous software releases, security checks get pushed towards the end of the release cycle. More often than not this leads to uncomfortable situations, and many times to delays as well. With higher code velocity comes the challenge of making sure every change is secure.

Security can no longer remain an afterthought; it has to be integrated at every stage of the software delivery life-cycle (design for security, secure coding, security testing, penetration testing in staging, and security monitoring in production). These controls can be tightly integrated into the DevOps pipeline and become operational much like monitoring tools. Engineering teams have to continuously test for security at the Development, QA and Staging phases. This session will explore how to integrate the ecosystem of technologies to build security checks into all phases of software development, such as Architecture, Design and Implementation, in order to create a true DevSecOps practice.

Key Takeaways

  • What is the impact of Lean and Agile practices on Security verification?
  • How does adoption of open source and third-party software increase the challenges of keeping our products secure?
  • How can you perform Security testing continuously in different phases of Agile software development?
  • How can adoption of DevSecOps practices lead to a culture of Continuous Security testing?
  • How to integrate tools and technologies to perform security checks in all phases of software development?