A Zero Trust Future for Applications: Practical Implementation and Pitfalls

If you are building applications which are critical for your organization's revenue than you would be looking at a zero trust future for most of the applications. Zero Trust is already being seen in how applications are built in cloud, how we work with our open source libraries, how we share data with third party services and more. As someone who worked in a developer first organisation - during the talk i will share practical guide to start working on Zero trust, where it fails even before it starts and where you would see quick wins. TL;DR the answer is not really DevSecOps.

What's the focus of your work these days?

I've had over 13+yrs experience in the CyberSecurity industry with the last 7 focussing working with Enterprise in managing security risk at scale in Cloud first world and was the CISO of a global Cloud First Tech company in my last role. I'm also a Keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security, DevSecOps & AI Security. I'm a frequent contributor on topics related to Security Leadership in public cloud & AI and the associated security challenges for practitioners, leaders and CISOs.

What's the motivation for your talk at QCon London 2024?

Zero Trust as a subject is extreme, it sounds exclusive, but is that a bad thing? Zero Trust allows exclusive traffic only between trusted sources, e.g., 2 servers in the same network; now, is that a bad thing? I imagine most of you thought No. There are many more examples of what the principle of Zero Trust is intended for and is practical in the context of an organization, but often, because of a lack of practical examples, it is always looked at as too much work or complex. My motivation for the talk is to show the practical side of Zero Trust and also the impractical parts which should be considered if working on starting and implementing Zero Trust in your organization.

How would you describe your main persona and target audience for this session?

The target audience would be experienced developers or technical leaders who are tasked to understand and perhaps even implement zero trust in their business unit or organization.

Is there anything specific that you'd like people to walk away with after watching your session?

The audience will walk away with a practical list of starting points to implement zero trust principles, clarity on myths around the understanding of zero trust, and the pitfalls of not starting zero trust at the right stage of their respective organization. 


Speaker

Ashish Rajan

CISO @Kaizenteq Ltd, Host of "Cloud Security Podcast", and SANS Trainer for Cloud Security, 13+ Years Experience in the CyberSecurity Industry

Ashish has over 13+yrs experience in the CyberSecurity industry with the last 7 focussing primarily helping Enterprise with managing security risk at scale in Cloud first world and was the CISO of a global Cloud First Tech company in his last role. Ashish is also a Keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation, Cloud Security, DevSecOps, Kubernetes Security, AI Security and the associated security challenges for practitioners and CISOs.
 

Read more
Find Ashish Rajan at:

Date

Wednesday Apr 10 / 10:35AM BST ( 50 minutes )

Location

Mountbatten (6th Fl.)

Topics

zero trust security architecture cloud security

Share

From the same track

Session Ethical AI

Trends in InfoSec: Data Minimisation, Autoclassification, and Ethical AI

Wednesday Apr 10 / 11:45AM BST

Laws are changing around the world to require frequent disposal of high-risk information, to reduce the impact of (inevitable) breaches. As such, ‘records management’ is now cyber discipline, but one that has not previously been well enabled by technology.

Speaker image - Rachael Greaves
Rachael Greaves

CEO & Co-Founder @Castlepoint Systems, Australia's Most Outstanding Woman in IT Security, RegTech Female Entrepreneur of the Year, Women in Fintech Powerlist, Top 100 Innovator, CISM, CISA, CDPSE, & CIP

Session

Poetry4Shellz – Avoiding Limerick Based Exploitation and Safely Using AI in Your Apps

Wednesday Apr 10 / 02:45PM BST

LLM based AI has introduced huge shifts in the technology landscape in a very short amount of time, a consequence of which has been the immense pressure on organizations of all types to adopt and/or develop any and all things AI.

Speaker image - Rich Smith
Rich Smith

Session

Beyond the Breach: Proactive Defense in the Age of Advanced Threats

Wednesday Apr 10 / 01:35PM BST

Details coming soon.

Speaker image - Michael  Brunton-Spall
Michael Brunton-Spall

Deputy Director Cyber Policy and Solutions @Cabinet Office

Session

From Anti-Patterns to Best Practices: A Practical Guide to DevSecOps Automation and Security

Wednesday Apr 10 / 03:55PM BST

In the modern DevSecOps landscape, teams often struggle to achieve more with fewer resources, leading to the development of counterproductive habits. These habits can significantly hinder the ability to establish effective security programs.

Speaker image - Spyros Gasteratos
Spyros Gasteratos

Founder @Ocurity, Principal Security Engineer, Maintainer of opencre.org & github.com/ocurity/Dracon, 15+ Years Experience in Security