Puma Scan

When

November 28th at 6:00 PM

Where

NOTE: This is Gravitate's Valley Junction location!

Gravitate Valley Junction
318 5th Street, West Des Moines, IA

Talk Description

Modern development teams are delivering features at a rapid pace using modern technologies such as containers, microservices, and serverless functions. Operations and infrastructure teams are supporting these rapid delivery cycles using Infrastructure as Code, Test Driven Infrastructure (TDI), and cloud automation. Yet, most security teams are still using traditional security approaches and can’t keep up with the rate of accelerated change. Security must be reinvented in a DevOps world to take advantage of the opportunities provided by continuous integration and delivery pipelines.

This talk will introduce attendees to the SANS Secure DevOps Toolchain poster and explore the key phases of pre-commit and commit. In these phases, we will identify the key security controls and discuss the open source tools that integrate into the DevOps workflow. Attendees will walk away with a practical approach for building a successful DevSecOps program.

Eric Mead Bio

Eric Mead has more than 15 years of experience in software development, primarily in the financial and agriculture industries. His primary focus is the .NET framework; however, Eric also has considerable experience in front-end frameworks such as Angular and React. He has held positions as a software consultant, business intelligence developer, and senior software developer. At Puma Security, Eric is a software architect, writes static source code analysis rules, and contributes to the open source version. Eric holds a bachelor of science degree in computer engineering from Iowa State University, with an emphasis in Software Engineering and Information Security.

Eric Johnson Bio

Eric’s extensive experience includes application security automation, cloud security reviews, static source code analysis, penetration testing, SDLC consulting, and secure code review assessments. As a co-founder of Puma Security, his passion lies in modern static analysis product development and DevSecOps automation.

Previously, Eric spent 5 years as a principal security consultant at an information security consulting firm helping companies deliver secure products to their customers, and another 10 years as an information security engineer at a large US financial institution performing source code audits. As a Certified Instructor with the SANS Institute, Eric authors information security courses on DevSecOps, cloud security, secure coding, and defending mobile apps. He serves on the advisory board for the SANS Security Awareness Developer training program, delivers security training around the world, and presents security research at conferences including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and ISSA.

Eric completed a bachelor’s degree in computer engineering and a master’s degree in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.

Puma Scan is a software security analyzer that provides real-time, continuous source code analysis for C# applications. With Puma Scan, vulnerabilities are displayed immediately in the development environment and appear as spell check and compiler warnings. Secure your code at the source.

Food and drink will be provided!