Securing Cloud Delivery Pipelines - Findings From A Blue/Red Team Security Simulation - Security BSides London 2021

As public cloud adoption continues to grow across government applications and services, it is now more critical than ever to understand the limits afforded by cloud security controls.

To help us better understand the security and risk implications of new paradigms such as continuous delivery pipelines and infrastructure as code, a blue/red team simulation exercise was undertaken.

As the tech lead of the blue team, I’ll present the context of the exercise and the threat model we developed for it, then discuss what worked and failed in defending the pipeline from a red team in possession of engineers’ credentials.

Continuous security in pipelines - XConf 2019

As the industry embraces a culture of automation and continuous delivery, the rate of change is faster than ever. Security testing traditionally happens just before deploying to production: can this scale when deployments happen more frequently? This talk will discuss how the same automation tooling that enables continuous change can be leveraged to enable continuous security too.