Christian Bauer
Software engineer turned security engineer.
Extensive expertise in cloud-native security, with hands-on experience across a wide range of security topics. From implementing security infrastructure and tooling all the way to security consulting.
Session
Security teams are often short-staffed and overburdened, but many of their tasks can be automated to alleviate this pressure. Automation enables the offloading of repetitive and mundane manual work, allowing security teams to focus on more complex and engaging tasks. Furthermore, automation facilitates the execution of large-scale security tasks that are not achievable manually.
This presentation will begin by exploring the specific automation example of External Attack Surface Monitoring (EASM), demonstrating its implementation using open-source tools.
Following this, the discussion will broaden to cover the implementation of a generic security automation platform. Examples will be provided of the types of tasks that can be automated, how they can be implemented and the tools available to achieve this.
While this talk aligns with DevSecOps principles, it is distinct in that it does not focus on CI/CD pipeline security. Instead, it addresses security automation that extends beyond security for software development activities.