Tag: CI/CD

CSA HKM Knowledge Sharing Event – May 2022

Covid-19 situation is less severe these days. Work from home is not strictly required now. Life is now back to normal. Under the new normal situation, Cloud Computing become a critical component in our daily work. One of the main concern in using Cloud Computing environment is the security.

How can we store secret across multiple cloud environment for secure cloud workflow? In this knowledge sharing session, we invited HashiCorp Cloud Platform to provide us with some insights.

Shohei Maeda, Developer Advocate for HashiCorp APJ will share with us how secret could be and should be stored in cloud and container environment. He will also bring us to the Zero Trust Security model to secure our workflow environment.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: May 19, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Managing Secrets at scale for a Secure Cloud workflow
SPEAKER: Shohei Maeda, Developer Advocate for HashiCorp APJ

CONTENT:
Traditionally, people, applications, and services with access to resources are given their own set of long-lived, scoped credentials.  As your organization, teams, and systems scale, the number of these credentials and the access to them will only increase over time, and are used everywhere which causes what is called “Secret Sprawl”.  Static credentials that exist in your workflows are always at risk of leakage and introduce a large attack surface.

This session will show you how you can apply a Zero Trust Security model that secures your workflows by leveraging dynamic and short-lived credentials.
With this, you are able to avoid managing static, long-lived secrets across systems, and giving direct access to these secrets is no longer required.

THE SPEAKER:
Shohei is a developer advocate at HashiCorp who loves learning new technologies. He lives in Tokyo, Japan.

With his broad experience in Infrastructure, security, and web engineering, he focuses on building new tools and tackling complex problems that developer communities run into to make their life easy and happy.

View the Presentation: https://www.youtube.com/watch?v=RZ3-rKiAEvY

CSA HKM Knowledge Sharing Event – April 2022

Covid-19 brings us a lot of challenges but at the same time with Work / Study at Home opportunity. We have secure a number of new study opportunities and learning opportunities to our members.

Firstly, as a CSA HKM Chapter member, you can enjoy our knowledge sharing session and claim CPE. Besides, if you are our member and have attended 3 of our knowledge sharing event sessions, you can then entitle to register for our CCSK course and CCAK course with special member discount (Membership – Associate Member).

In April we invited Mr Ken Zhang, Head of Security Hong Kong, Google Cloud, to join us again to share the new topic on Security Framework SLSA for CI/CD pipeline. Ken has delivered a talk for us on Cloud Infrastructure Continuous Compliance in November last year.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: April 21, 2022 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ken Zhang, Head of Security Hong Kong, Google Cloud

TOPIC: Supply chain Levels for Software Artifacts (SLSA) – Open-source Security framework for Serverless and CI/CD Pipeline.

CONTENT:

SLSA is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. The solution takes the conceptual framework and turns it into a reference architecture and actual implementation on GCP using native, serverless GCP CI/CD toolchain and Binary Authorisation.

You can directly borrow the solution demo setup & code to start their GCP based CI/CD pipeline design and build. You can also leverage the reference architecture to build out their own pipeline leveraging GCP Binary Authorisation and GKE, or your own pipeline on-premises or on other cloud.

THE SPEAKER:

Ken led multi-cloud security and transformation projects in Australia and the Greater China Region. He has experience helping organisations with their security and transformation journeys in banking, insurance, retail, health service and manufacturing industries

View the Presentation: https://youtu.be/C8h6mfM_VhY