Matt Johnson (@metahertz) is a Developer Advocate for Bridgecrew.io, based in not-so-sunny Manchester, UK, he helps DevOps teams simplify, automate and improve their infrastructure security. Coming from a security and platform automation background, formerly at Cisco, he is excited by the disruptive power of Infrastructure as Code, container and serverless orchestration in bringing scalable, cost-effective IT to companies of all sizes, while also building awareness of the security challenges these new capabilities bring.Outside of work, he is learning to fly, and enjoys travel, aviation, rugby, steak and a growing whisky collection!
A tale of 3 goats – Immutable infrastructure security
Planning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream. In this talk: We’ll cover the current state of infrastructure security in the open-source registries. From there we will continue to discuss best practices for writing, testing, and maintaining infrastructure at scale, keeping the infrastructure code secured using open source scanners, and will review the vulnerable by design IaC projects: Terragaot, CDKGoat, and CfnGoat.We will cover infrastructure security use cases like encryption, public-facing data entities, and plain text secrets, And will show how to find those using policy as code.