Azure Pipelines pose unique security challenges. You can use a pipeline to run scripts or deploy code to production environments. But you want to ensure your CI/CD pipelines don't become avenues to run malicious code. You also want to ensure only code you intend to deploy is deployed. Security must be balanced with giving teams the flexibility and power they need to run their own pipelines. In this session we will walk through creating a secure DevOps pipeline using Azure and both native and open source tooling.
Sarah is a Senior Cloud Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home. Sarah has been working in cyber security since before it was cool, holds numerous industry qualifications has co-authored few Microsoft Press technical books. In 2019, Sarah won the Security Champion award at the Australian Women in Security Awards. She is an active supporter of both local and international security and cloud native communities. She is also a co-host of the Microsoft Azure Security Podcast. Sarah spends most of her spare time speaking at security conferences in various parts of the world, eating hipster brunches and high teas and spending a disproportionate amount of her income on her dogs.
We seek to provide a respectful, friendly, professional experience for everyone, regardless of gender, sexual orientation, physical appearance, disability, age, race or religion. We do not tolerate any behavior that is harassing or degrading to any individual, in any form. The Code of Conduct will be enforced.
All live stream organizers using the Global Azure brand and Global Azure speakers are responsible for knowing and abiding by these standards. Each speaker who wishes to submit through our Call for Presentations needs to read and accept the Code of Conduct. We encourage every organizer and attendee to assist in creating a welcoming and safe environment. Live stream organizers are required to inform and enforce the Code of Conduct if they accept community content to their stream.
If you are being harassed, notice that someone else is being harassed, or have any other concerns, report it. Please report any concerns, suspicious or disruptive activity or behavior directly to any of the live stream organizers, or directly to the Global Azure admins at email@example.com. All reports to the Global admin team will remain confidential.
We expect local organizers to set up and enforce a Code of Conduct for all Global Azure live stream.
A good template can be found at https://confcodeofconduct.com/, including internationalized versions at https://github.com/confcodeofconduct/confcodeofconduct.com. An excellent version of a Code of Conduct, not a template, is built by the DDD Europe conference at https://dddeurope.com/2020/coc/.