Gauntlt Rugged By Example

James Wickett

Thu, 7th August 2014

Speaker Bio 1:
James @wickett is a well known personality within the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. James got his start in technology when he ran a Web startup company as a student at the University of Oklahoma and since then has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. As a Senior DevOps Engineer, James is currently working in a startup-like team building cloud-based products for the Embedded Software Division of Mentor Graphics. James is a dynamic speaker on topics in DevOps, cloud computing, cloud security, security testing and Rugged DevOps.

He is a core contributor to the Gauntlt project and is a supporter of the Rugged Software movement. James is the creator and founder of the Lonestar Application Security Conference, which is the largest annual security conference in Austin, TX. He volunteers as one of the chapter leaders for the OWASP Austin chapter and holds the following security certifications: CISSP, GWAPT, GCFW, GSEC and CCSK. He serves on the GIAC Advisory Board.

Learning Objectives:

James will explain:

  • Why security is dead and rugged is the new currency.
  • Why automating security tests and putting them in your deployment pipelines is where security can add business value.
  • Learn more about Gauntlt! Gauntlt is an open source framework to help you accomplish the technical side of automating security tests.

Resources and materials:

Questions and answers

Max, Concise Courses:
Do you offer live training to use the Gauntlt?

James Wickett:
We are actually working on making a course so that people will be able to get started with that.

Max, Concise Courses:
Can you use Gauntlt on Mobile, especially Android?

James Wickett:
I don’t see why you couldn’t. It depends on how you have your test runner configured [but yes] it seems a feasible thing to do.

Max, Concise Courses:
Does Gauntlt have a particular expertise with PCI?

James Wickett:
It would be useful for all PCI. We don’t have any certification or anything like that or accreditation, but I’d like to think that one of our tag lines for Gauntlt is do the ‘security testing before the auditors arrive’, so we think that PCI testing once a year is important. You are still going to need someone to sign off on things like [PCI Compliance].

Max, Concise Courses:
In your opinion, and I am sure this is a difficult question, but what is the most secure coding language, if you had to choose?

James Wickett:
I don’t know!

Max, Concise Courses:
Could you tell us something about the Lonestar Application Security Conference? How did it get started and what are the most in-demand speaker subjects at the conference in your opinion?

James Wickett:
It got started over a pizza and beer in 2010, like all good things! Me and a couple of the other leaders in the Austin [Texas] area of the OWASP Chapter, we were sitting around and we said, ‘why don’t we have a really good security conference?’ So, we thought, ‘how hard can it be!?’

The conference has really grown; we focus a lot on practitioners that are either developers, DevOps, or security engineers, security analysts, and we try and feature both application security and also red-teaming etc., and we have had speakers popular in the DevOps world. We have had Gene Kim come a couple of times and we are bringing in Nick Galbreath, who used to be one of the directors at Etsy, and now he’s doing another start-up. We are also bringing in Zane Lackey [Director of Security Engineering at Etsy], Jason Chan from Netflix [Director of Engineering – Cloud Security at Netflix] and Richard Bejtlich to talk about our Network Security. We are a mix but we try to be a cutting-edge mix – that’s our goal, to be useful to practitioners. It’s a cheap event and Austin is a fun place to hang out.