fwd:cloudsec 2026

Shay Berkovich

Shay is part of the Threat Research team at Wiz (now acquired by Google), working on various aspects of container and SDLC infrastructure security, with an emphasis on emerging Kubernetes threats on the one hand and CI/CD and VCS security posture on the other. He previously worked at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG), doing applied security research and security architecture. Shay holds a Master's degree from UW with a (somewhat unexpected) thesis in runtime verification and has delivered multiple talks at academic and industry security conferences.


Session

06-02
11:00
20min
Barbarians at the Gate: Visualizing and Blocking SDLC Infrastructure Threats with SITF
Shay Berkovich

While we have robust frameworks for protecting endpoints and cloud (first and foremost MITRE ATT&CK), the infrastructure that builds our software has largely been a "choose your own adventure" of security controls. This doesn't cut it when facing modern SDLC infrastructure attacks such as Shai-Hulud, s1ngularity and GlassWorm: there is no good "language" to describe and analyze them. That's why we built SITF.

The SDLC Infrastructure Threat Framework (SITF) is an open-source methodology for architecting defensible code-to-cloud environments. SITF shifts the focus from listing isolated risks to mapping the actual flow of an attack across the developer Endpoint/IDE, VCS, CI/CD, Registry, and Production, and to generating tailored security controls.

It's a framework with a focus on practicality. Attendees will learn how to deconstruct a real-world SDLC attack with the SITF visualizer, explore a library of 80+ SDLC-specific techniques, threat-model their own infrastructure, and generate a prioritized controls matrix. As a special bonus, we'll demo the Claude skills shipped with the framework to visualize and analyze a new attack in mere seconds.

The Griffin’s Guard: Defensive Architecture & Governance
Room 2