Shifting Security Left. No, further left!
Rapid iterations of DevOps, along with a host of new tools, can make an application security program seem like a square peg in a round hole as enterprises try to push Sec into the middle of DevOps. At the same time, modern applications rely on a more dynamic environment that can introduce new security challenges, particularly as they scale.
In this session, we will explore
- Best practices for making security and compliance ubiquitous, to reduce risk and cost.
- Security challenges of a changing software development lifecycle and of next gen software.
- Automating and monitoring secure development practices.
After attending, you will be prepared to identify gaps in your security program with pragmatic advice for how to reduce your risks.

To stay compliant, secure, you need to go faster. You may wonder how is that possible? Governance, Risk & Security — generally a bottleneck in most of the Banks/Financial Institutions for their DevOps transformation. Wait you have more to that story.
As we step into the eleventh year of the term “DevOps”, it is now mainstream in most of the organizations. It makes into the Strategy & Board meetings, CIO presentations, press releases and success parties.
As most of the organization just scratching the surface, there is a lot to take on when it comes to DevOps Transformation. The traditional Command & Control Governance model, afterthought Security discussion with your InfoSec big brothers, answering endless questions with your Risk line and auditors — How to fit in with our transformation?
BMK inspires you to have courageous conversations with your Governance, Compliance, Risk & Security folks and establishes the understanding it is a two-way road, that is all the parties to explore, learn, adapt and practice.
His talk will cover and help you to explore:
- From Centralized Committee Governance — Decentralized Automated Governance
- From Compliance tickbox exercise to Compliance as Code
- From faking the security audit to baking them into delivery pipelines
- From “No” to tedious audits to “Yes” to automated evidence/digital attestations

This talk will cover:
- Cultural divide between DevOps and security teams
- Federated responsibility model for AppSec
- The challenges of implementing this model in real life
- Quick look at how ZeroNorth’s platform can enable organizations to start
to address these challenges

Tired of slides? Watch this hands-on demo with Viktor Farcic to see how to create a full lifecycle of applications in production using the GitOps. See how a GitOps workflow is ideal for high-security environments and establish auditing trails and how it might change the way we define application lifecycle pipelines.

IBM Z has remained the backbone of the Financial Services Industry for its qualities of security, reliability, and availability. Now with OpenShift integration and DevOps capabilities, IBM Z continues to be a strategic component of your digital transformation. Join Rosalind as she talks about the latest enterprise technologies of Hyperprotect Virtual Servers, Confidential computing, and open CI/CD toolchains to support agility and cyber resiliency in your hybrid cloud environments.

DevOps teams are being asked to move at break-neck speeds to deliver new and engaging customer experiences. You rely on automated software pipelines to deliver cloud applications fast and secure. But
one of these things is not like the others. Enterprise security is lagging, still trying to use people and outdated processes to govern continuously changing and fast-moving public clouds.

Traditional security and governance approaches break in the cloud. To operate their businesses successfully in the cloud, Financial institutions must rethink security governance. Join Don Duet, CEO and Founder of Concourse Labs and former Goldman Sachs CIO to learn what changes are required for effective cloud governance so that you can safely achieve digital transformation at scale.

How can financial companies create the experiences that customers expect when they are sitting on decades-old technology? OutSystems provides proven ways of delivering web & mobile applications, integrations, and new tech like chat bots, AI, and ML all on one platform. During this session, Keith will explain how established financial institutions are adopting low-code solutions in order to catch up to the fintech disruptors and provide examples of proven results.

Capital One has been on a technology transformation journey for more than five years. It has been the first bank to exit data centers and move onto the public cloud. In this talk I will share a high level view of the transformation journey. I will also discuss some of the challenges that we faced and how we overcame them.

As financial institutions are adopting DevOps best practices to speed up application delivery the database remains the stumbling block causing delays, introducing risks, slowing down release cycles and wasting valuable internal resources. At the same time, compliance and audits are managed manually, complicating the process even further.

It is time to bridge the gap between the database and the CI/CD process in order to achieve faster release cycles and simplify compliance, security and auditing.

To thrive in the new world, we require a thoughtful redefining of what is a humane and effective enabler of transactions. The financial industry's digital transformation has accelerated at an unprecedented pace due to COVID-19. Over the past 7 months, we have seen the digital adoption in areas like everyday banking and e-commerce that would have been expected to take 7 years.

We are in the business of trust. That's why our teams must adapt quickly with innovative solutions to meet rapidly changing consumer and human needs.

While we adapt by increasing the speed of digitization and technology transformation, we must step back and ask ourselves whether we are transforming in a way that engages those human needs and builds authentic connections with the customers and communities that we serve.

Join my session to learn how TD Bank is tackling these challenges while positioning ourselves to be the better bank of the future.

This presentation is intended to guide organizations on implementing an automated process for tracking governance throughout the deployment pipeline; by providing a reference architecture to help guide organizations on how to design and implement automated governance throughout the delivery pipeline. A sample use case is also provided to further enforce these best practices. Ultimately, a DevOps automated governance process can give organizations the assurance that the delivery of their software and services are trusted.

In decades gone by the financial sector was seen as one of the pinnacles of software innovation. With the rise of technology giants e.g FAANG [Facebook, Amazon, Apple, Netflix, Google], the ability to be agile and move quickly has shifted public perception of innovation to high tech sector companies. With mottos such as “move fast and break things”, in the financial sector breaking things can have a grave impact on the financial markets and confidence.

To stay competitive and address customer needs and attract and retain modern development talent, financial services firms have been adopting Continuous Delivery. Not only for technology and business to consumer firms, Continuous Delivery is a spectrum that many financial service firms are on the journey to adopt. Learn in this talk about ways that financial service organizations can embrace the motto “move fast and don’t break things” with Continuous Delivery.
Three Take-a-ways:

1. Balance of innovation vs control is always being fine-tuned.
2. Any improvement is an improvement and you don’t have to be deploying every 12 seconds like Amazon.
3. We judge confidence in people, process, and technology. Start incremental where it is easier than address the other points.

The most difficult part of a digital transformation is getting people to invest in needed improvements and embrace new ways of working. It is all about organizational change management. Digital transformation leader, analyst, consultant and author, Gary Gruver, shares his experience with vital change management anti-patterns. Gary also builds from the work of Wharton School of Business professor and author, Jonah Berger.

Everyone needs an application delivery platform that provides the right developer experience for your application delivery teams. Whether you acquire an integrated platform or build one by integrating a set of tools, you need to craft the platform in a way to allow it to be scalable for the enterprise, and provide curated experiences for the myriad developer types, across the various technology stacks you have. This requires an underlying architecture that addresses all the four ‘layers’ of the platform ‘cake’. Namely - Environments, Software delivery lifecycle tools, Data, and Security and Compliance. Each layer is essential. Each layer is complex. Each layer is builds on the ‘flavor profiles’ of the other layers. Let’s learn how to bake this cake.
Sanjeev Sharma, author of the bestseller ‘The DevOps Adoption Playbook’ will share his lessons learned from his experience in the Financial Services sector that includes working in senior leadership designing, deploying and running successful Hybrid Cloud, DevOps, and DataOps driven transformations at several of the largest, most strategic banks and financial services organizations globally.
Sanjeev is currently the Head of Platform Engineering at Truist. Sanjeev is a former Distinguished Engineer at IBM, the former field CTO at Delphix, and a former principal analyst at Accelerated Strategies.