We were invited to run a two-hour learning lab on a topic of our choice this year at the RSA Conference. I suspect it will surprise… no one… that we chose Pragmatic SecDevOps as our topic.

This is a cool opportunity – it gives us a double-length session to mix in presentation, hands-on labs, demonstrations, and group activities. I realize some people roll their eyes when they see these buzzwords, but everything we will present is being used in the real world, often at leading-edge organizations. DevOps really is a thing, it really does affect security, and you really can use it to your advantage in super interesting ways.

Here is the official description.

Pragmatic SecDevOps

Date & Time: Wednesday, April 22, 2015, 10:20am-12:20pm

Abstract: As cloud and DevOps disrupt traditional approaches to security, new capabilities emerge to automate and enhance security operations. In this hands-on session attendees will learn pragmatic techniques for leveraging cloud computing and DevOps for improving security. Through a combination of demonstrations and exercises we will work through a string of real-world security automations.

We are still finalizing what will make the cut but here are some components we are considering including:

  • An updated (and concise) Pragmatic SecDevOps presentation to start the conversation.
  • A lab to automate embedding host security agents in cloud deployments (e.g., Chef/Puppet) and then use them to enforce security policies.
  • A lab to monitor your cloud security management plane.
  • A group exercise to adapt and embed security architectures to leverage new cloud capabilities. This one is interesting because we will be showing off some leading-edge architectures we are starting to see for DevOps and cloud deployments, which not many security people have been exposed to.
  • A security automation group exercise/hands-on lab where we will give you a library of Ruby methods to mix and match for different security functions.

That is a ton of content, and we may not get to all of it. I will streamline some of the labs that I normally have people work through manually in training, but we need to push through more quickly.

You need to pre-register to attend, and we will run a webcast in the beginning of April so people can prepare and be ready to participate in the hands-on sections. One nice thing about the Learning Labs is that they happen during the main conference – not the day before or at the end of the week.

Please feel free to drop us ideas, preferences, or comments below. We already have a lot of the content, but how we piece it together is still very much open to suggestion.