2024-11-02 –, Conference
In today's interconnected digital landscape, the security of supply chains has become a critical concern for organizations across various industries. With the proliferation of cyber threats and the increasing complexity of supply chain networks, traditional security approaches are no longer sufficient to safeguard against potential vulnerabilities. This paper explores the emerging paradigm of DevSecOps (Development, Security, and Operations) and its role in enhancing supply chain security.
DevSecOps integrates security practices seamlessly into the software development and deployment pipeline, fostering a culture of continuous security improvement throughout the supply chain lifecycle. By embedding security into every phase of the development process, from code inception to production deployment, DevSecOps promotes proactive threat detection, rapid response to vulnerabilities, and continuous compliance.
Agenda:
Industry faces challenges due to rapid adoption of technology
Increasing complexity of supply chain networks
Emerging paradigm of Development, Security & Operations
Technical & Operational challenges we see today
Open Source solutions and out of the box solutions
The research talks about the complex case of strengthening the supply chain from a multi-dimensional perspective: Technology, Process and People.
With the introduction of Federal law around SBOM, and with the National Institute of Standards and Technology (NIST) to come up with a set of best practices to improve software security, it becomes ever more important to build a defensive mechanism around the following:
INDUSTRY FACES CHALLENGES DUE TO RAPID ADOPTION OF TECHNOLOGY in IaC, containerisation and multi-cloud setups, taking in experience from the recent supply chain attacks
INCREASING COMPLEXITY OF SUPPLY CHAIN NETWORKS
I am covering in depth the recent breaches along with the root causes including
EMERGING PARADIGM OF DEVELOPMENT, SECURITY & OPERATIONS
and concluding with where we are headed and how we can counter this
Tools, techniques and processes that help
This is considering the in-depth research we did in our SDLC lifecycle into what tool we should select for SBOM.
Entrepreneur, presenter, and blogger, Ankit has a diverse background in writing informational blogs. He is a penetration tester by profession with 10+ years of experience and a security enthusiast by heart, as well as a part-time bug bounty hunter. He has been featured in the Halls of Fame of EFF, GM, SONY, HTC, Pagerduty, AT&T and Mobikwik, along with multiple other Halls of Fame. He loves speaking at conferences and has been featured at TestTribe Calsoft 2024, Cyber Security Asia 2022, TestFlix 2021, COCON 2021, RedTeam Security Summit 2020, The Hackers Meetup 2020, AWS Community Day 2020, DeepSec Austria 2019, BSides Ahmedabad 2019, RSA APAC 2018, BSides Delhi 2017, CSA, Dehradun, Cyber Square Summit and OWASP Jaipur, and has been a regular feature at Infosec meetups like Null and OWASP Delhi Chapter, TestTribe and Peerlyst meetups. He has presented his research on the following topics:
Strengthening Supply Chain Security: A DevSecOps Perspective
Mastering AWS Pentesting and Methodology
Cloud Security & Best Practices in AWS
Ineluctable weakness of logical vulnerabilities
Pwning Windows Mobile Applications
IoT Security Risks & Challenges
Application of Machine Learning in Criminal Profiling
Pentesting Mobile Applications
Ankit has also taken a hands-on session on securing AWS environments at null Bachaav.
He has taken guest lectures on getting started with AWS and on mobile computing at Fore School of Management.
He recently presented a guest lecture on "Ineluctable weakness of logical vulnerabilities" at IIT Roorkee, in the Online Summer Training Program on Ethical Hacking and Cyber Security.
He gave another guest lecture at the Department of Information Technology of NIT, in the Online One Week International Webinar Series on Top Trending Technologies in the World.
He has published an article in PenTest magazine on IoT security. He has been a featured profile at Peerlyst.