Ryder Damen DevOps Engineer @ Indeni Cloudrail In this talk, we’ll evaluate tools and techniques for implementing continuous security at your startup at the infrastructure level. Quite often as DevOps engineers at startups, we’re expected to be experts in security, and that often isn’t the case. We know to keep our ports closed, and to operate on the principle of least privilege, but with infrastructure as code introducing a vulnerability is as easy as a missed line. In startup environments where things move fast, it can be easy to create an insecure cloud, especially when operating by yourself. We’ll review the concepts of Static and Dynamic security testing, and how the both can be combined to implement into your deployment pipeline. We’ll go over open source and managed tools that can assist you in the transition to DevSecOps and continuous security, as well as give examples of how to realistically implement this at your startup, and how to explain the business value of continuous security to your leadership team. At the end of the talk, you’ll have a clear understanding of the landscape of tools you can use today to help you secure your infrastructure, an understanding of why they can be valuable, and how to explain the business value of them to a non-technical leadership team. Other talks at this conference 🚀🪐 https://www.conf42.com​/devsecops2021 — 0:00 Intro 0:26 Talk