"Shifting right" with policy as code
2022-07-25 , Room 1

So you've "shifted left," adding security to the software development lifecycle. Developers are checking for vulnerabilities in their work as they create, merge, test, and deploy. But you're missing half the equation if you're not "shifting right," so to speak, to leverage developers' knowledge in the security practice as well.

"Policy as code" lets developers codify the expected inputs, outputs, and behavior of applications. And once codified, defenses can be kept always up-to-date, without slowing you down.

In this talk, you'll learn the basics of policy as code, see some real-world examples, and learn how to get started applying the technology and techniques in your own environment.

Gabe is a seasoned security and automation practitioner with decades of experience. By day, he is a solutions engineer at Wiz, Inc., securing the cloud. Prior to that he worked at Palo Alto Networks, PuppetLabs, and Sony Playstation. (He's in the credits of over twenty video games!) Off the clock, he tinkers with wireless, picks locks (poorly), and promotes the use of technology for positive social change.