Cloud Native Security Conference North America 2021

The future of security is here now, but isn't evenly distributed. Change is inevitable, but resistance to change may be even more inevitable. What can we do to help organizations overcome the resistance to improve? The social engineering to solve is at least as hard as the technical challenges. This presentation will mix research and anecdote to discuss security as a socio-technical system recognizing the agency of the humans involved in addition to the technology advances that are driving the state of the art to solve security problems more holistically from first principles.

Establishing and maintaining a Cloud Native Security policy is more than just installing tools and configuring Kubernetes. A solid security stance requires buy-in from the top leadership down to those implementing and using the system. Obtaining buy-in requires understanding the drivers that motivate Infosec's governance, risk management, and compliance. In this talk, Frederick will discuss how information security programs are structured and how to engage with the organization effectively to establish a scalable Cloud Native Security program. Frederick will discuss topics such as: What is Infosec? How does Infosec interact with the rest of the organization? How do these interactions translate to the procedures we use to defend our systems? Where do these procedures even come from? How do we collaborate with Infosec to help improve the company's security posture? How do we enlist Infosec as allies in our Cloud Native Journey? Finally, Frederick will discuss how to get involved with upstream communities which provide guidance, such as the CNCF Security TAG's Security Controls Catalog.