Home
Talks
CFP Guide
What is BSides?
About
Contact
Light
← All talks
Topic
DevSecOps talks at BSides
245 talks tagged
DevSecOps
from 71 chapters of BSides events worldwide.
Related topics
Technical
Talk
Blue
Intermediary
Demo
Red
20:40
Detection-as-code: Why it works and where to start
Kyle Bailey
BSidesSF
· 2022
Technical
DevSecOps
Talk
Open →
2022-07
46:38
How to 10X Your Company's Security (Without a Series D)
Clint Gibler
BSidesSF
· 2020
Technical
Cloud IAM
DevSecOps
Threat Modeling
Blue
Talk
Open →
2020-03
33:37
Hackers are Shifting Left, Too
BSides Ahmedabad
DevSecOps
Talk
Open →
2023-02
47:16
Climbing the Production Mountain: Practical CI/CD Attacks Using CI/CD Goat
Omer Gil
Asaf Greenholts
BSides Las Vegas
· 2022
Technical
DevSecOps
Supply Chain Security
Red
Demo
Open →
2022-09
47:24
Embracing Risk Responsibly: Moving beyond inflexible SLAs and exception hell
Eric Ellett
BSidesSF
· 2022
Technical
DevSecOps
Talk
Open →
2022-07
45:33
Understanding Your Vulnerability Data To Optimize Your DevOps Pipeline Flow by Chris Madden
Chris Madden
BSides Dublin
· 2023
Technical
DevSecOps
Talk
Open →
2023-07
30:48
Fighting Secrets In Source Code With TruffleHog
Dylan Ayrey
BSidesSF
· 2018
Technical
Tooling
DevSecOps
Supply Chain Security
Vulnerability Research
Talk
Open →
2018-04
27:37
Overwatch: A serverless approach to orchestrating your security automation
Sanchay Jaipuriyar
BSidesSF
· 2023
Technical
DevSecOps
Talk
Open →
2023-05
56:10
Continuous Integration: Stalking Vulnerabilities with Puma Scan
Eric Johnson
BSides Iowa
· 2017
Technical
DevSecOps
Vulnerability Research
Case Studies and Incidents Analysis
Talk
Open →
2017-04
46:31
Detection as Code: The Engineering-Focused Future of Detection and Response
Jackie Bow
Julie Agnes Sparks
Jessica Rozhin
Louis Barrett
BSidesSF
· 2023
Technical
Detection Engineering
DevSecOps
Threat Intel
Blue
Panel
Open →
2023-05
30:28
BSidesSF 2019 - DevSecOps State of the Union (Clint Gibler)
Clint Gibler
BSidesSF
· 2019
Technical
DevSecOps
Talk
Open →
2019-03
51:14
Continuous Security Testing in a DevOps World
Stephen de Vries
BSides London
· 2014
Technical
DevSecOps
Web AppSec
Demo
Talk
Open →
2014-05
27:24
Make Alerts Great Again
Daniel Popescu
BSidesSF
· 2017
Technical
DevSecOps
Talk
Open →
2017-03
52:19
RedOps: Automating your Red Team Infrastructure
Alex Rodriguez
BSides Charleston
· 2018
Technical
DevSecOps
Tooling
Red
Talk
Open →
2018-11
30:04
Tales of Red Teaming (Continuous Intrusion Continuous Deception)
Aladdin Mubaied
Rahul Nair
BSidesSF
· 2018
Technical
Container Security
DevSecOps
Red
Talk
Open →
2018-04
18:35
Supercharge Your Workflow: Using WhiteRabbitNeo for AI-Powered Analysis
Bailey Williams
BSides Charm
· 2025
Technical
AI Security
DevSecOps
Vulnerability Research
Red
Talk
Open →
2025-05
25:35
Secret Hunting
Tanya Janca
BSidesSF
· 2023
Technical
DevSecOps
Supply Chain Security
Intro
Blue
Talk
Open →
2023-05
56:28
A Pentester's Guide To Left Shifting Security
Jay Harris
BSides Leeds
· 2019
Technical
DevSecOps
Talk
Open →
2019-01
50:48
BSidesSF 2023 - Securing the Pipeline: Protecting Self-Hosted GitHub Runners (Adnan Khan)
Adnan Khan
BSidesSF
· 2023
Technical
DevSecOps
Supply Chain Security
Talk
Open →
2023-05
53:12
AI Agents in the SDLC: Productivity, Security & the Developer Paradox
Bryce Kunz
BSides SLC
· 2025
Technical
DevSecOps
Talk
Open →
2025-10
42:04
From soup to nuts: Building a Detection-as-Code pipeline - David French
David French
BSides SATX
· 2024
Technical
DevSecOps
Talk
Open →
2024-06
49:30
Infrastructure as RCE: How to abuse Terraform to elevate access
Mike McCabe
BSides NYC
· 2023
Technical
Cloud IAM
DevSecOps
Vulnerability Research
Red
Talk
Open →
2023-06
23:04
Security Automation Simplified
Moses Schwartz
BSidesSF
· 2019
Technical
DevSecOps
Intro
Talk
Open →
2019-03
30:06
Windows Event Forwarding and OSSEC — You can do this!
Robert Wilson
BSides Augusta
· 2018
Technical
DevSecOps
Blue
Talk
Open →
2018-11
53:36
Rolling out the C2: Red Team Infrastructure in 2024
BSides Las Vegas
· 2024
Technical
Cloud IAM
DevSecOps
Red
Demo
Talk
Open →
2024-09
32:17
SecOps Automation And Orchestration
Nicolas Mattiocco
BSides Lisbon
· 2018
Technical
DevSecOps
Tooling
Vulnerability Research
Talk
Open →
2018-12
48:35
CI/CD Security: A New Eldorado
Remi Escourrou
Xavier Gerondeau
Gauthier Sebaux
BSides Las Vegas
· 2022
Technical
Cloud IAM
DevSecOps
Supply Chain Security
Red
Talk
Open →
2022-09
42:58
Breaking Build: Red Teaming CI/CD Pipelines and GitHub Actions [BSidesPDX 2024]
Craig Wright
BSides PDX
· 2024
Technical
DevSecOps
Red
Talk
Open →
2024-11
53:45
Signing your code the easy way
Oren Novotny
BSides DC
· 2019
Technical
DevSecOps
Supply Chain Security
Talk
Open →
2019-11
49:39
To Normalized Logs, and Beyond - Building a Threat Detection Platform from Scratch
David Levitsky
Brian Maloney
BSidesSF
· 2023
Technical
DevSecOps
Blue
Talk
Open →
2023-05
40:17
Is Your Approach To Pipeline Security Flawed? Rethinking CI/CD Security
BSides London
· 2025
Technical
DevSecOps
Supply Chain Security
Intermediary
Talk
Open →
2025-02
25:46
BSidesSF 2020 - Mistakes Made Integrating Security Scanning into CI/CD (Atul G • Moses S)
Atul Gaikwad
Moses Schwartz
BSidesSF
· 2020
Technical
DevSecOps
Case Studies and Incidents Analysis
Talk
Open →
2020-11
13:12
How to Manage DevSecOps
Talha Karakumru
BSides Athens
· 2023
Technical
DevSecOps
Talk
Open →
2023-06
32:40
For Crying Out Cloud - Stu Hirst and Tash Norris
Stu Hirst
Tash Norris
BSides Munich
· 2019
Technical
Cloud IAM
DevSecOps
Threat Modeling
Blue
Talk
Open →
2019-03
52:47
When DevSecOps Fails
Tanya Janca
BSides Las Vegas
· 2022
Technical
DevSecOps
Vulnerability Research
Talk
Open →
2022-09
55:23
Quaid DeLacluyse - DevAttackOps: Full Stack Red Team
Quaid DeLacluyse
BSides Augusta
Technical
DevSecOps
Red
Talk
Open →
2022-10
33:15
5 Keys to Building an App Sec Program in the Age of DevOps
Tim Jarrett
BSidesSF
· 2017
Technical
DevSecOps
Talk
Open →
2017-03
39:13
Minimizing AWS S3 bucket attack vectors at scale
Damien Burks
BSides Dallas/Fort Worth
· 2022
Technical
Cloud IAM
DevSecOps
Blue
Talk
Open →
2022-11
47:23
Open Source GitOps for Detection Engineering
Zach Wasserman
BSides Las Vegas
· 2023
Technical
Detection Engineering
DevSecOps
Blue
Demo
Talk
Open →
2023-10
14:13
BSidesSF 2023 - Stop Committing Your Secrets - Git Hooks To The Rescue! (Dwayne McDaniel)
Dwayne Mcdaniel
BSidesSF
· 2023
Technical
DevSecOps
Talk
Open →
2023-05
41:46
DIY Patch Management
Florian Junge
Ingo Bente
BSides Munich
Technical
DevSecOps
Vulnerability Research
Talk
Open →
2018-04
40:07
Doctor Docker: Building Your Infrastructure's Immune System
Mike McCabe
Patrick Cooley
BSides DC
· 2014
Technical
Container Security
DevSecOps
Supply Chain Security
Demo
Talk
Open →
2014-10
47:22
Weaponizing Ansible
Christopher Grimm
BSides Charleston
· 2017
Technical
DevSecOps
Tooling
Blue
Red
Talk
Open →
2017-11
29:44
You Might Still Need Patches for Denim
Maya Kaczorowski
Dan Lorenc
BSidesSF
· 2019
Technical
DevSecOps
Supply Chain Security
Talk
Open →
2019-03
20:13
Are your GitHub Actions secure?
Luís Fontes
BSides Lisbon
· 2022
Technical
DevSecOps
Supply Chain Security
Red
Talk
Open →
2023-01
24:05
Purple is the New Black: Modern Approaches to Application Security
Tanya Janca
BSidesSF
· 2020
Technical
Cloud IAM
DevSecOps
Web AppSec
Intermediary
Purple
Talk
Open →
2020-03
20:25
BSidesSF 2018 - KubeScope for the Extraordinary World of Containers (Tongbo Luo • Zhaoyan Xu)
Tongbo Luo
Zhaoyan Xu
BSidesSF
· 2018
Technical
DevSecOps
Demo
Talk
Open →
2018-04
41:25
AppSec as Glue: Building Partnerships to Scale Security
Mukund Sarma
Tad Whitaker
Sarah Liu
Ariel Shin
Jacob Salassi
BSidesSF
· 2025
Technical
Career & Soft Skills
DevSecOps
Panel
Open →
2025-06
48:33
BSidesSF 2020 - Lessons from DevSecOps Trenches (Clint G • Zane L • Astha S • Justine O • Doug D)
Clint Gibler
Zane Lackey
Astha Singhal
Justine Osborne
Doug DePerry
BSidesSF
· 2020
Career
DevSecOps
Panel
Open →
2020-03
48:01
Action Anomalies: A Hacker's Guide to Github Actions
Elliot Ward
BSides Tallinn
· 2024
Technical
DevSecOps
Supply Chain Security
Vulnerability Research
Case Studies and Incidents Analysis
Technical Deep-dives
Talk
Open →
2024-10
38:46
You Don't Have to Patch!
Jasvir Nagra
Pedro Fortuna
BSides Lisbon
· 2023
Technical
DevSecOps
Threat Modeling
Web AppSec
Intermediary
Talk
Open →
2024-02
29:35
The Secure Metamorphosis: Streaming Logs with Kafka and TLS
Tyler Paxton
BSidesSF
· 2019
Technical
DevSecOps
Network Security
Talk
Open →
2019-03
30:42
Effective building blocks for securing multi-tenant Kubernetes clusters
Shrikant Pandhare
Sagiv Sheelo
BSidesSF
· 2024
Technical
Cloud IAM
Container Security
DevSecOps
Case Studies and Incidents Analysis
Talk
Open →
2024-07
25:59
BSidesSF 2019 - Containers: Your Ally in Improving Security (Connor Gilbert • Connor Gorman)
Connor Gilbert
Connor Gorman
BSidesSF
· 2019
Technical
DevSecOps
Talk
Open →
2019-03
25:14
Securing Fast and Furious DevOps Pipelines
Abdessamad Temmar
BSides Las Vegas
· 2019
Technical
DevSecOps
Supply Chain Security
Blue
Talk
Open →
2019-10
33:13
Compliance Without the Chaos: Building It Right Into Your DevOps Pipeline
Varun Gurnaney
BSidesSF
· 2025
Technical
DevSecOps
Talk
Open →
2025-06
48:13
DevOps and the Future of Information Security
Darin Morris
BSides Cape Town
· 2018
Technical
DevSecOps
Talk
Open →
2019-02
30:24
Opinionless Enforcement of Opinions on Operational Secrets
Jonathan Freedman
BSidesSF
· 2017
Technical
DevSecOps
Talk
Open →
2017-03
42:47
Playing Peekaboo With Runtime In CI/CD Pipelines
Patricia R
BSides London
· 2025
Technical
DevSecOps
Supply Chain Security
Intermediary
Talk
Open →
2026-03
24:39
Why I am (still) finding secrets in your code
Luke Marshall
BSides Canberra
· 2025
Research
Technical
DevSecOps
Supply Chain Security
Vulnerability Research
Blue
Case Studies and Incidents Analysis
Empirical Research
+1
Open →
2025-12
54:59
DevOps Application Security Teams for the Rest of Us
Mark Geeslin
BSides DC
· 2018
Technical
DevSecOps
Talk
Open →
2018-11
36:31
Don't Sh*t-Left: How to Actually Shift-Left
Ahmad Sadeddin
BSidesSF
· 2025
Technical
AI Security
DevSecOps
Talk
Open →
2025-06
39:15
Pipeline Pandemonium: How to Hijack the Cloud and Make it Rain Insecurity
Blake Hudson
BSides Las Vegas
· 2024
Technical
Cloud IAM
DevSecOps
Supply Chain Security
Red
Case Studies and Incidents Analysis
Technical Deep-dives
Talk
Open →
2024-09
43:33
Adding DAST to CI/CD Without Losing Friends
Tanya Janca
BSides Munich
· 2022
Technical
DevSecOps
Web AppSec
Keynote
Open →
2022-05
38:33
BSidesBUD2022: Github Actions Security Landscape
Alex Ilgayev
Ilia Shkolyar
BSides Budabest
· 2022
Technical
DevSecOps
Supply Chain Security
Empirical Research
Technical Deep-dives
Talk
Open →
2023-06
28:09
My CI/CD Pipeline Contains All Security Tools Available! Now What...?
Jasmin Mair
BSides Munich
Technical
DevSecOps
Supply Chain Security
Threat Modeling
Talk
Open →
2023-10
48:46
How to Kickstart an Application Security Program
Timothy DeBlock
BSides Knoxville
· 2017
Career
Technical
Career & Soft Skills
DevSecOps
Talk
Open →
2017-06
27:24
So You Think You Can Detect? Detection Testing in Production
Lisa Li
BSides SLC
· 2025
Technical
DevSecOps
Purple
Demo
Talk
Open →
2025-06
50:25
Unsafe Harbor: Practical Attacks on Docker Infrastructure
Josh Farwell
BSides PDX
· 2018
Technical
DevSecOps
Red
Talk
Open →
2019-02
1:57:57
DevSecOps for Security Teams
Hassan Mussana
BSides Pakistan
· 2021
Technical
DevSecOps
Supply Chain Security
Talk
Open →
2021-10
50:47
Sure, Let Business Users Build Their Own. What Could Go Wrong?
Michael Bargury
BSidesSF
· 2023
Technical
Cloud IAM
DevSecOps
Threat Modeling
Intermediary
Case Studies and Incidents Analysis
Talk
Open →
2023-05
26:51
Hiding in Plain Sight - Weaponizing Developer Applications and Interpreted Languages to Evade EDR
Annika Clarke
BSides Philly
· 2025
Technical
DevSecOps
Malware Analysis
Reverse Engineering
Advanced
Red
Technical Deep-dives
Talk
Open →
2026-02
28:33
One-Click Code Fix: Securing Code Using AI
Chandrani Mukherjee
Joseph Seasly
BSidesSF
· 2024
Technical
DevSecOps
Demo
Talk
Open →
2024-07
37:23
Serverless Security Testing: Challenges and Solutions
Tal Melamed
Meir Benayoun
BSides TLV
· 2022
Technical
Cloud IAM
DevSecOps
Vulnerability Research
Technical Deep-dives
Talk
Open →
2022-07
39:36
Application security into DevOps
Svetlomir Balevski
BSides Sofia
· 2022
Technical
DevSecOps
Talk
Open →
2022-04
26:43
Security Learns to Sprint: DevSecOps
Tanya Janca
BSidesSF
· 2020
Technical
DevSecOps
Talk
Open →
2020-03
12:30
Tales from the DevSecOps world: SIEM completely as Code
George Tsigourakos
Kyriaki Solomidou
John Torakis
BSides Athens
· 2022
Technical
DevSecOps
Talk
Open →
2022-06
18:55
Turnkey Code – Enhancing Secrets Management in Large Scale Organizations
Diogo Lemos
BSides Lisbon
· 2024
Technical
DevSecOps
Supply Chain Security
Blue
Talk
Open →
2024-12
15:02
Oops!!... Did I Reveal Something? Detecting Leaked Secrets in Azure Deployment Templates
Javan Mnjama
BSides Cape Town
· 2023
Technical
Cloud IAM
DevSecOps
Blue
Red
Talk
Open →
2023-12
54:30
DevSecOps Isn't Real
Ethan Witherington
BSidesROC
· 2025
Technical
DevSecOps
Talk
Open →
2025-03
18:08
Chaos Engineering: Break It On Purpose by Morgan Carter
Morgan Carter
BSides London
· 2022
Technical
DevSecOps
Intermediary
Blue
Technical Deep-dives
Talk
Open →
2022-01
46:51
Dependable Red Teaming by Using Confusion
Tinus Green
BSides Cape Town
· 2025
Technical
DevSecOps
Supply Chain Security
Red
Technical Deep-dives
Demo
Talk
Open →
2025-03
34:42
Jedi Mind Tricks: Application Security for Developers and Executives
David Rook
Chris White
BSides London
· 2014
Technical
Career & Soft Skills
DevSecOps
Talk
Open →
2014-09
46:32
Container Security, Are You Doing It Wrong?
Jeff Weatherford
BSides Tampa
· 2024
Technical
Container Security
DevSecOps
Supply Chain Security
Intermediary
Talk
Open →
2024-05
21:36
Look Ma, No Hands! Decentralizing Security for Scale
Chris Dorros
BSidesSF
· 2017
Community
Technical
Detection Engineering
DevSecOps
Talk
Open →
2017-03
44:34
Beyond Whack-a-Mole: Scaling Vulnerability Management by Embracing Automation
Yotam Perkal
BSides Las Vegas
· 2024
Technical
DevSecOps
Supply Chain Security
Vulnerability Research
Blue
Talk
Open →
2024-09
43:55
Where and how to implement Security in Software Development
Radostina Kondakova
Jordan Popov
BSides Sofia
· 2022
Technical
DevSecOps
Threat Modeling
Web AppSec
Methodology
Talk
Open →
2022-04
28:11
IAC (Infrastructure-As-Code) SAST - What's That?
Chaitra Bhat
BSides Dublin
Technical
DevSecOps
Talk
Open →
2022-05
39:47
Github Actions Security Landscape by Alex Ilgayev
Alex Ilgayev
BSides Dublin
· 2023
Technical
DevSecOps
Talk
Open →
2023-07
45:35
A Developer's Guide for Building Zero Trust Ready Apps
Kaylan Krishna
BSides Peru
· 2022
Technical
Cloud IAM
DevSecOps
Talk
Open →
2022-09
24:33
Testing Defensive Controls w/ atomic-operator - Josh Rickard
Josh Rickard
BSides KC
· 2022
Technical
DevSecOps
Blue
Talk
Open →
2022-10
39:08
Building A Modern, Scalable and Effective Application Security Program
Abdessamad Temmar
BSides Prishtina
· 2024
Technical
AI Security
DevSecOps
OWASP
Threat Modeling
Case Studies and Incidents Analysis
Talk
Open →
2024-09
25:51
Shift Left, Secure Right, Building An Open Source SBOM Driven Vulnerability Management System
Cosimo Commisso
BSides Toronto
· 2024
Technical
DevSecOps
Supply Chain Security
Vulnerability Research
Talk
Open →
2024-10
46:04
Whose Pipeline Is It Anyway?: Attacks and Defenses in the World of CI/CD
Matt Bosack
Zach Satterly
BSides Philly
· 2023
Technical
DevSecOps
Supply Chain Security
Blue
Red
Talk
Open →
2024-01
23:09
Infrastructure as Code: Managing Environments with Terraform and Ansible
Charles Bain
BSides Leeds
· 2023
Technical
Cloud IAM
DevSecOps
Talk
Open →
2023-07
59:24
Close DevSecOps Awareness and Guide to Practical Implementation
Tej Luthra
BSides DC
· 2018
Technical
DevSecOps
Talk
Open →
2018-11
32:30
Building a Secure Environment for Operations Using Docker
Brian Stucker
BSides Augusta
· 2017
Technical
DevSecOps
Demo
Talk
Open →
2017-09
22:57
Actions Have Consequences: The Overlooked Security Risks in 3rd Party GitHub Actions
Yaron Avital
BSides Las Vegas
· 2023
Technical
DevSecOps
Supply Chain Security
Talk
Open →
2023-10
39:54
Rooting out Security Risks Lurking in your CI/CD Pipelines
Vasant Chinnipilli
BSides Berlin
· 2021
Technical
Container Security
DevSecOps
Supply Chain Security
Talk
Open →
2021-09
20:26
The Road to Developers' Hearts
Sing Ambikapathi
BSidesSF
· 2024
Community
Career & Soft Skills
DevSecOps
Talk
Open →
2024-07
View all 245 talks tagged DevSecOps →
