Building A Security Program For SaaS Product Development

Image the following fictitious scenario: you are starting a new job as the first security engineer of a startup with a software-as-a-service (or platform-as-a-service) offering built on top of well known public cloud platforms with cloud-native technology. Being the first person to tackle security as a full time job, this might seem light a monumental task. How to quickly get a first overview of the current security posture? Where to start with security improvements? How to prioritize? How to define a security roadmap? This talk will provide an overview on how to introduce security into a typical cloud based product from the ground up. Short-, medium- and long-term security activities will be discussed, with specific proposals what high impact topics should be addressed in the beginning. We will cover a broad range, from technical topics, s.a. tooling for security automation, all the way to non-technical topics such as compliance. Speaker Christian Bauer Security engineer with a special focus on Cloud security.