A Zero Trust Future for Applications: Practical Implementation and Pitfalls

If you are building applications that are critical to your organization's revenue, then you are looking at a Zero Trust future for most of them. Zero Trust already shapes how applications are built in the cloud, how we work with our open source libraries, how we share data with third-party services, and more. As someone who worked in a developer-first organisation, during the talk I will share a practical guide to starting work on Zero Trust, where it fails even before it starts, and where you would see quick wins. TL;DR: the answer is not really DevSecOps.

Interview:

What's the focus of your work these days?

I've had over 13 years' experience in the cybersecurity industry, with the last 7 focusing on working with enterprises in managing security risk at scale in a cloud-first world, and I was the CISO of a global cloud-first tech company in my last role. I'm also a keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security, DevSecOps & AI Security. I'm a frequent contributor on topics related to security leadership in public cloud & AI and the associated security challenges for practitioners, leaders and CISOs.

What's the motivation for your talk at QCon London 2024?

Zero Trust as a subject is extreme; it sounds exclusive, but is that a bad thing? Zero Trust allows exclusive traffic only between trusted sources, e.g., two servers in the same network; now, is that a bad thing? I imagine most of you thought "no". There are many more examples of what the principle of Zero Trust is intended for and where it is practical in the context of an organization, but often, because of a lack of practical examples, it is looked at as too much work or too complex. My motivation for the talk is to show the practical side of Zero Trust and also the impractical parts, which should be considered if you are starting and implementing Zero Trust in your organization.

How would you describe your main persona and target audience for this session?

The target audience would be experienced developers or technical leaders who are tasked to understand and perhaps even implement zero trust in their business unit or organization.

Is there anything specific that you'd like people to walk away with after watching your session?

The audience will walk away with a practical list of starting points to implement zero trust principles, clarity on myths around the understanding of zero trust, and the pitfalls of not starting zero trust at the right stage of their respective organization. 


Speaker

Ashish Rajan

CISO @Kaizenteq Ltd, Host of "Cloud Security Podcast", and SANS Trainer for Cloud Security, 13+ Years Experience in the CyberSecurity Industry

Ashish has over 13 years' experience in the cybersecurity industry, with the last 7 focusing primarily on helping enterprises manage security risk at scale in a cloud-first world, and he was the CISO of a global cloud-first tech company in his last role. Ashish is also a keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation, Cloud Security, DevSecOps, Kubernetes Security, AI Security and the associated security challenges for practitioners and CISOs.

Date

Wednesday Apr 10 / 10:35AM BST ( 50 minutes )

Location

Mountbatten (6th Fl.)

Topics

Zero Trust, Security Architecture, Cloud Security
