Rootconf Mini 2024

Geeking out on systems and security since 2012


Srujan A

@acsrujan

Security illusions and events mayhem

Submitted Oct 15, 2024

Description:

In these 40 minutes, we will start with a brief introduction to DevSecOps and spend almost 30 minutes on the critical role of Security Information and Event Management (SIEM) components within the DevSecOps framework.

We’ll focus on why SIEM is an essential part of the business, what SIEM solves, and what it doesn’t solve. We’ll look at a few security insights that are illusions and not necessarily important for the business.

We’ll untangle the complexities of integrating SIEM into CI/CD pipelines, monitoring and adding rules for threat detection, signal vs. noise on false positives, and the usual chaos of data integration. We’ll also touch upon the cost-benefit of running a SIEM.

Takeaways:

  • The audience will leave knowing how to enable proactive security detection and response while implementing their DevSecOps processes.
  • The audience will learn about the trade-offs and understand how to tie business impact to security events.

Audience:

Intermediate/Advanced.

  • People preferably familiar with structured logging and the basics of observability (logs, events, metrics, traces) who have not yet sandwiched Sec into their DevOps processes.


Hosted by

We care about site reliability, cloud costs, security and data privacy