br3akp0int Security Podcast

#S02EP08 Packing a Punch! With Policy-as-Code | Abhay Bhargav

December 19, 2023 Abhay Bhargav | br3akp0int Season 2 Episode 8
Show Notes
In today's world of rapidly evolving technology and increasingly complex software systems, ensuring the security and compliance of applications across the stack has become paramount. The stack itself has also become much more complex with the proliferation of APIs on cloud and cloud-native technologies. Tightly coupled security controls for things like Authorization, Validation and Admission Control are not realistic and are causing large inconsistencies in how security controls are implemented.


This episode will provide an in-depth exploration of Policy-as-Code (PaC) and how it can be employed to implement decoupled security practices across the stack. PaC serves as a unified framework that enables organizations to define, manage, and enforce policies in a consistent, transparent, and automated manner. This approach facilitates better security, compliance, and risk management, while also reducing the need for manual intervention.


Guest: Abhay Bhargav, Founder of we45, AppSecEngineer

Abhay Bhargav is the Founder of we45 and the Chief Research Officer of AppSecEngineer, an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security and DevSecOps. AppSecEngineer delivers hands-on security skills that companies are actually looking for.

Abhay started his career as a breaker of apps, in pentesting and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps.

He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security. In addition, Abhay has contributed to pioneering work in the Vulnerability Management space, being the architect of a leading Vulnerability Management and Correlation Product, Orchestron. Abhay is also committed to Open-Source and has developed the first-ever Threat Modeling solution at the crossroads of Agile and DevSecOps, called ThreatPlaybook.

Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on. He's authored two international publications on Java Security and PCI Compliance as well.



I would love to hear your suggestions and feedback; please DM me. If you liked this episode, please share it with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; check out my handles below:

  • Twitter: @NeeluTripathy
  • LinkedIn: neelutripathy