Security by Design in a Continuous Deployment Shop


April 27th at 6:00 PM


Gravitate Conference Room
Sixth Floor
206 6th Ave Des Moines, IA

Map Link


Continuous Deployment is a practice used in software development to automate and improve the process of software delivery. Maintaining, analyzing, confirming, and reporting on the status of required information security, compliance, and privacy controls is a difficult and significant task for software and security engineers. This talk discusses real world applications and examples for integrating Security by Design with your Continuous Deployment environment. Tools include the use of Jenkins, Chef, Metasploit, Fuzzers, vulnerability scanning (Nexpose), test driven development, and system hardening.


This talk will be given by Nathan Gibson.

Mr. Gibson is an Information Security & Privacy Professional who specializes in continuous integration, inspection, and deployment environments. He brings information security and risk management concepts into the product portfolio realization pipeline and embeds the behavior naturally into design, develop, test, refactor pipelines as a member of the technical team.

Mr. Gibson is a systems administrator, network engineer, and active developer in both the private and open-source communities. He has over 15 years experience in health, financial, and government industries where he has successfully managed secure information systems in dynamic, multinational environments in alignment with NIST, ISO, HIPAA, Safe Harbor, COBIT and PCI expectations including audit preparedness, execution and remediation.

He served time in the United States Air Force, worked as the HIPAA Security Officer at the University of Oklahoma, led the Risk Management and Compliance Team at Dwolla, and served as the Lead Identity and Access Management Engineer at Wellmark BCBS. Mr. Gibson has also built, maintains and is growing his own startup named “BidOnMyJob, LLC”.

Mr. Gibson’s professional credentials include a Masters of Science in Information Assurance (MSIA), Certified Information System Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Security Manager (CISM), Cisco Certified Network Associate (CCNA) and Red Hat Certified Engineer (RHCE).

When not reading lengthy volumes of regulatory and compliance manuals or working on his startup, Mr. Gibson enjoys hunting with his family, training his bird dogs and actively participating in policy and legislation development in the state of Iowa.

Food and drink will be provided!