Emma Yuan Fang
Emma is an Enterprise Security Architect at EPAM Systems, with expertise spanning cloud security, DevSecOps, and security strategy. In her current role, she designs and implements security solutions into cloud platforms and software development projects for her clients. Formerly at Microsoft, she delivered cybersecurity projects and technical workshops to diverse clientele, from emerging tech startups to established FTSE 100 firms. She is passionate about cloud security, Zero Trust, and AI/ML security. Alongside her professional work, Emma is dedicated to promoting a more diverse workforce in cybersecurity through mentorship and community programs. She is an ambassador of WiCyS UK&I, a member of the Industry Advisory Board for the Faculty of Computing, and a guest speaker at the University of Buckingham in the UK.
Session
The 'Cloud-Native' approach like microservices, serverless functions and containers have gain popularity in application development. While offers significant benefits like scalability and resiliency, they also created a more complex and distributed attack surface, leaving the DevOps environment vulnerable to threats like supply chain attacks and lateral movement. Consequently, It's crucial for organizations to rethink their strategies towards DevOps and pipeline security. This talk aims to address 'Cloud-Native' security challenges in DevOps, through the lens of Zero Trust's core principles - verify explicitly, least privilege access and assume breach. By drawing insights from real-life attacks, we will present the cloud-native DevOps threat landscape; the talk concludes with guidance for implementing Zero Trust Security to secure the CI/CD pipeline and DevOps environment, highlighting key priorities and capabilities to consider when developing your DevOps Security strategies.