AppSec & DevSecOps Singapore schedule

• How integrating security practices early in the SDLC reduces costs and strengthens application resilience
• Empowering developers with tools and training to identify and address vulnerabilities during the coding phase
• Leveraging automated security tools and processes within continuous integration/continuous deployment pipelines
• Strategies to align rapid software delivery with robust security in agile and DevSecOps environments

• What innovative practices ensure end-to-end security across the software development and supply chain lifecycle, integrating DevSecOps, AppSec, and container security?
• How can continuous risk assessment and improvement through DevSecOps practices protect every phase of the SDLC?
• What role does automation play in enhancing operational efficiency and simplifying compliance within governance frameworks?
• How can layered security strategies proactively address vulnerabilities in software supply chains and containerised environments?

Moderator:

Dan Haagman CEO Chaleit & Honorary Professor Murdoch University

Speakers:

Reuben Athaide Head, Cyber Security Advisory and DevSecOps Standard Chartered

Yih Wen Tsai Senior Cybersecurity Architect PODIUM.io

• Breaking Down Silos: Fostering collaboration between development, IT operations, and security teams for unified goals
• Embedding security checks and tools into the CI/CD pipeline without slowing down development
• Shared Responsibility: Aligning roles, responsibilities, and KPIs to ensure security is everyone's job
• Encouraging a proactive mindset toward security through training and organisational buy-in

Panellists:

Sathiyaseelan Murugaiayh Head of DevSecOps Circles.Life

While driving adoption of CI/CD across more than 50 Singapore Government agencies in a landscape with distributed and mostly outsourced systems, GDT-CSH has encountered various security anti-patterns in the CI/CD pipelines that could compromise application security. Drawing from real-world experiences with agencies and vendors, this talk will dissect common security anti-patterns we've discovered and share practical strategies for addressing them.

Speakers:

Linda Chang Assistant Director, Clusters & Technology Management Office (CTMO) GovTech

Daniel Liu Senior DevOps Engineer GovTech

• Step-by-step guidance on embedding incident response processes within CI/CD pipelines for faster detection and containment
• Practical implementation of tools and technologies for automated security event monitoring, alerting, and remediation across development and operational environments
• Coordinating Cross-Team Responses to Security Incidents: Proven techniques for ensuring developers, security professionals, and operations teams work in unison during an incident to quickly address and resolve vulnerabilities
• Post-Incident Response and Feedback Loops: Strategies for documenting incidents, conducting root cause analysis, and using insights to strengthen DevSecOps workflows and improve future security posture

• Building security measures into every phase of the SDLC, enhancing efficiency, reducing risks, and bolstering trust
• Adopting early-stage vulnerability detection to mitigate risks before they escalate, ensuring safer and smoother production
• How can you define comprehensive policies and guidelines to unify team actions and maximise the effectiveness of security tools and technologies?
• Encouraging ongoing skill development and adaptive strategies to meet evolving security challenges head-on

Moderator:

Zhou Zhihao Vice President ISC2 SG Chapter