DevSecOps

Secure Your DevOps: Hands-On Mastery for IT Pros

Integrate security into your DevOps processes with precision. Acquire practical skills for securing Kubernetes using eBPF, addressing vulnerability fatigue through a risk-based approach, and embedding Zero Trust Security within your CI/CD pipelines. This track offers IT craftsmen hands-on experience, empowering you to enhance software security, resilience, and alignment with modern practices.

Speaker Programm Program

DevSecOps

Learn from Industry Leaders about:

Threat modeling in the cloud: Maximising Security with Threat Modelling in the Cloud
Infrastructure security: Best Practices & Proactive Measures for Infrastructure Security
eBPF for security: Primer on eBPF
Vulnerability management: Hacking Vulnerability Fatigue – Prioritizing and Managing Security Risks
Agile threat modeling: Threat Modeling for Agile Development
Zero Trust security: Achieving Zero Trust Security in a DevOps Environment
Service mesh security: Istio Ambient Workshop – Manage mTLS, AuthN, and AuthZ
Cloud-native threat modeling: Zero Trust Threat Modeling for Cloud Native Systems

Track Speakers Munich 2024

Track Speakers Berlin 2025

Track Program Berlin 2025

Track Program Munich 2024

Track Sessions Berlin 2025

WORKSHOP

In this all-day workshop you will learn how authorization, NetworkPolicies, webhooks and controller in Kubernetes work.Beside an SSH-agent and a browser you only need to bring basic Kubernetes know-how, so we can freely deep dive into the topics.You Read more...

Erkan Yanar, Erkan Yanar IT-Consulting

WORKSHOP

Service Mesh Security Workshop with Istio Ambient: Manage mTLS, AuthN and AuthZ

In this workshop, participants will be shown the possibilities that a service mesh tool like Istio Ambient offers in terms of security. Istio Ambient enables a new service mesh architecture that completely eliminates sidecars. After a brief introduct Read more...

Michael Hofmann, Hofmann IT-Consulting

KEYNOTE

Welcome and Opening Remarks

Welcome and opening remarks by the Program Chair Sebastian Meyen. Read more...

Sebastian Meyen, Software & Support Media GmbH

SESSION

Security Pipeline at Scale - DevSecOps at Airbus

How do you perform a security check of all Git repositories? With a total of 12K active developers and more than 50k repositories, in Airbus commercial Aircraft we're running the security scans at scale based on Event or on Demand! It's an MFT where Read more...

Guillain Sanchez, Airbus

SESSION

Primer on eBPF

Some of you might know BPF (Berkeley Packet Filter) from tcpdump. eBPF is basically an enhanced BPF. With eBPF, we can load code into the Linux kernel. It is somewhat similar to Linux modules but "version-independent" and in a sandbox environment (VM Read more...

Erkan Yanar, Erkan Yanar IT-Consulting

SESSION

Quality assurance for contingency plans

When was the last disaster test? How much did it cost and can we really trust our plans now? An contingency plan with guaranteed quality and an SLA would be much better than testing something once a year with a lot of manual effort that might not eve Read more...

Schlomo Schapiro, Tektit Consulting

View all sessions

09:00 - 17:00

WORKSHOP

Advanced Kubernetes Workshop

Erkan Yanar, Erkan Yanar IT-Consulting

09:00 - 17:00

WORKSHOP

Service Mesh Security Workshop with Istio Ambient: Manage mTLS, AuthN and AuthZ

Michael Hofmann, Hofmann IT-Consulting

Tuesday

17 June 2025

09:00 - 10:00

KEYNOTE

Welcome and Opening Remarks

Welcome and opening remarks by the Program Chair Sebastian Meyen. Read more...

Sebastian Meyen, Software & Support Media GmbH

14:45 - 15:30

SESSION

Security Pipeline at Scale - DevSecOps at Airbus

Guillain Sanchez, Airbus

16:00 - 16:45

SESSION

Primer on eBPF

Erkan Yanar, Erkan Yanar IT-Consulting

17:15 - 18:00

SESSION

Quality assurance for contingency plans

Schlomo Schapiro, Tektit Consulting

Wednesday

18 June 2025

09:00 - 10:00

KEYNOTE

Keynote will follow

Keynote will follow Read more...

Sebastian Meyen, Software & Support Media GmbH

10:30 - 11:15

SESSION

Backup and Disaster Recovery: Business as Usual or What Needs to Change Now?

The digital transformation has fundamentally changed our IT landscapes. Where once clearly defined on-premise systems had to be backed up, today we are faced with a complex network of traditional IT, cloud services, and SaaS applications. This new re Read more...

Schlomo Schapiro, Tektit Consulting

11:45 - 12:30

SESSION

Strengthening Infrastructure Security at PokerBaazi: Best Practices & Proactive Measures

The talk Strengthening Infrastructure Security at PokerBaazi: Best Practices & Proactive Measures is a compelling session that provides actionable insights into building a secure, reliable infrastructure for high-demand platforms. It is particularly Read more...

Siddharth Vijay, PokerBaazi (Baazi Games) - India's Biggest Online Poker Platform

15:00 - 15:45

SESSION

Spring Authorization Server

“Don't ever do this in the application! That's what identity services are for."Essential advice, as it can avoid a lot of redundancy, complexity and security issues. But what if the application itself is supposed to serve as an authorization server Read more...

Thomas Kruse, trion development GmbH

Thursday

19 June 2025

09:00 - 16:30

WORKSHOP

Workshop: Secure Your GitHub Pipeline – Integrating Open Source Security Checks

Join this hands-on workshop, led by DevSecOps expert Christian Schneider, to learn how to integrate security into your CI/CD pipeline using powerful open-source tools. Gain practical knowledge on implementing essential security checks within your Git Read more...

Christian Schneider, Schneider IT-Security

MORE TRACKS

Cloud, API & Identity Security

DevSecOps

Secure Coding & Software Development Lifecycle (SDLC)

AI-Powered Security Automation

Pentesting, Vulnerability Management & Forensics

Track Sessions of München

Die Workshops von 2024

WORKSHOP

Master Runtime Security: Hands-On Workshop with DevSecOps Pioneer Larry Maccherone

Learn how to identify and fix vulnerabilities in real-time with expert guidance from Larry Maccherone. This hands-on workshop will teach you how to protect your applications using cutting-edge tools and techniques, seamlessly integrate security into Read more...

Larry Maccherone, Contrast Security

KEYNOTE

Welcome and Opening DevOpsCon & IT Security Summit

Welcome and Opening DevOpsCon & IT Security Summit by David Penndorf from Software & Support Media GmbH. Read more...

David Penndorf, Software & Support Media GmbH

KEYNOTE

Adapting to Changing Needs in Space Exploration with Industrial DevOps

In an era where we expect to see more growth in space in the next 5 years than we have in the last 50 years, it's critical that we can adapt to changing needs and deliver faster while ensuring we are safe and secure. The space domain is no different, Read more...

Robin Yeman, Carnegie Mellon Software Engineering Institute

SESSION

Primer on eBPF

Erkan Yanar, Erkan Yanar IT-Consulting

SESSION

Trust your own Key Ring - The Power of Secrets Management in Sovereign IT Architecture

In the ever-evolving IT landscape, secrets management emerges as a vital pillar for keeping visibility over credentials and other secrets within and across multi-cloud architectures. Coupled with encryption technologies and key management, it forms a Read more...

Julian Iavarone, Imperva, a Thales Company

Martin Gegenleitner, Thales

SESSION

Zero Trust Threat Modeling for Cloud Native System

This talk delves into the imperative of modernizing threat modeling practices grounded in Zero Trust principles, illuminating efforts to establish uniformity in assessing and mitigating cybersecurity risks, especially for cloud-native systems. This t Read more...

View all sessions

09:00 - 17:00

Dali - WS

WORKSHOP

Master Runtime Security: Hands-On Workshop with DevSecOps Pioneer Larry Maccherone

Larry Maccherone, Contrast Security

Tuesday

3 December 2024

09:00 - 09:15

Ballsaal B

KEYNOTE

Welcome and Opening DevOpsCon & IT Security Summit

Welcome and Opening DevOpsCon & IT Security Summit by David Penndorf from Software & Support Media GmbH. Read more...

David Penndorf, Software & Support Media GmbH

09:15 - 10:00

Ballsaal B

KEYNOTE

Adapting to Changing Needs in Space Exploration with Industrial DevOps

Robin Yeman, Carnegie Mellon Software Engineering Institute

10:30 - 11:15

Dali

SESSION

Primer on eBPF

Erkan Yanar, Erkan Yanar IT-Consulting

10:30 - 11:15

Picasso

SESSION

Trust your own Key Ring - The Power of Secrets Management in Sovereign IT Architecture

Julian Iavarone, Imperva, a Thales Company

Martin Gegenleitner, Thales

11:45 - 12:30

Ballsaal C

SESSION

Zero Trust Threat Modeling for Cloud Native System

Omer Farooq, Auxin

14:00 - 14:30

Ballsaal B

KEYNOTE

The DevOps Umbrella: How Changing Needs Brought About Changing Teams

We've all seen the blogs with headlines "Is SRE replacing DevOps?" or "Platform Engineering vs. DevOps - Which is better?". Our ever-evolving industry has brought about new teams that work in new ways with new responsibilities after the DevOps revolu Read more...

Brittany Woods, H&R Block

15:00 - 15:45

Renoir

SESSION

How I used GitOps and CDevents to achieve automated compliance in a FinServ context

This session describes the challenge of many FInServ companies: how to bring together automation, standardisation and evidence of compliance.We will explore the pivotal role of GitHub, gitops and CDevents in DevSecOps delivery pipeline, to make sure Read more...

Manuel Schuller, Freelancer

16:15 - 17:00

Rumford

SESSION

Shift-Left is Failing Your Security Program: 6 Ways to Make it Work for You

Shift-left security was meant to transform application security by allowing security teams to catch vulnerabilities early and reduce risk. So why are so many organizations not seeing the promised ROI? In this talk, Boaz will challenge the notion that Read more...

Boaz Barzel, OX Security

17:30 - 18:15

Rumford

SESSION

Hacking Vulnerability Fatigue: A Practical Guide to Prioritizing and Managing Security Risks

Vulnerability fatigue is a growing concern for security teams overwhelmed by the constant deluge of alerts. This session explores how a risk-based approach to vulnerability management can alleviate this fatigue while improving your organisation’s sec Read more...

David das Neves, shiftavenue GmbH

Wednesday

4 December 2024

10:15 - 11:00

Ballsaal C

SESSION

Enhancing Public Cloud Security through Threat Modelling Techniques

In this session, we delve into how cloud security flaws were discovered within the public cloud across different Visma projects, and how those findings helped us to enhance threat modeling approaches. We'll showcase a varied collection of misconfigur Read more...

Romina Druta, Visma / University Politehnica Timișoara

10:15 - 11:00

Renoir

SESSION

Securing Your Ansible Playbooks: DevSecOps with Steampunk Spotter

Are you facing challenges in ensuring that your Ansible playbooks are secure and compliant throughout the development process? Security issues can quickly escalate into costly problems if not identified and resolved early. In this session, we’ll tack Read more...

Nejc Slabe, XLAB Steampunk

11:30 - 12:15

Dali

SESSION

Spring Authorization Server

Thomas Kruse, trion development GmbH

11:30 - 12:15

Picasso

SESSION

Strengthening Infrastructure Security at PokerBaazi: Best Practices & Proactive Measures

In today’s digital landscape, ensuring the security of the infrastructure is paramount. The gaming industry, specifically, has experienced tremendous growth and attracted millions of users worldwide. However, this popularity has made gaming companies Read more...

Siddharth Vijay, PokerBaazi (Baazi Games) - India's Biggest Online Poker Platform

13:45 - 14:30

Ballsaal B

KEYNOTE

Learning From Incidents - A Primer

Incidents are a fact of life, an inescapable cost of doing business. But they can teach us a lot about our organizations and our work! How we look at & learn from incidents has been evolving over the past decades, both in- and outside our industry. J Read more...

Michiel Rook, Freelancer

15:00 - 15:45

Picasso

SESSION

Achieving Zero Trust Security in a DevOps Environment

Transforming security practices to align with the dynamic nature of DevOps environments remains a critical challenge in today’s landscape. As organizations accelerate their digital transformation journeys, traditional perimeter-based security models Read more...

Shubham Thukral, Imagine Solution

15:00 - 15:45

Dali

SESSION

Choosing the Right Authentication for Your API: API Keys, mTLS, OAuth2, or JWT?

The proliferation of APIs has increased the attack surface for many companies. Security has not always kept pace accordingly.Tobias demonstrates and compares various authentication methods. In addition to Mutual-TLS, API keys, and usernames/passwords Read more...

Tobias Polley, predic8

15:00 - 15:45

Renoir

SESSION

Navigating Generative AI in DevSecOps: Opportunities and Pitfalls for Senior Leaders

Generative AI is getting ready to embed itself in DevSecOps. This talk explores "art of possible" use cases on the Dev and Ops side with GenAI. We also understand that GenAI is still in the initial stages of experimentation. This talk highlights som Read more...

Savinder Puri, Zensar Technologies

16:15 - 17:00

Picasso

SESSION

DevSecOps meets Reality

For a serious transformation, security by design must therefore also be part of the target architecture. The CNCF process and the US DoD's DevSecOps documents provide a framework that is then filled in with CIS, NIST, industry standards and BSI basel Read more...

Thomas Fricke, Freelancer

Thursday

5 December 2024

09:00 - 16:30

Ballsaal C - WS

WORKSHOP

Advanced Kubernetes Workshop

In this all-day workshop you will learn how authorization, NetworkPolicies, webhooks and controller in Kubernetes work. Beside an SSH-agent and a browser you only need to bring basic Kubernetes know-how, so we can freely deep dive into the topics. Yo Read more...

Erkan Yanar, Erkan Yanar IT-Consulting

09:00 - 16:30

Picasso / Dali - WS

WORKSHOP