Walking the security master path

“To gain true mastery, a student must go a long way of learning and asceticism.”

This could have come from a Far Eastern book about gaining mastery in martial arts.
A strictly abstemious life of renunciation is certainly not what the Alice&Bob team has to go through on its way to security mastery, but we were happy to accept the personal invitation to Amazon Web Services' first “Security Master Path” partner enablement. We learned a lot of new things and refreshed a lot of existing knowledge.

Alice&Bob.Company differentiates itself from most AWS partners and positions itself as a strong security partner. We address our clients' security concerns in the early stages of product development so that they build digital applications that are secure by design.

In November, four Alice&Bob.Company colleagues followed a four-week journey along the Security Master Path. As mentioned before, this format was held for the first time in Germany. It was a security deep dive that drew on the many years of experience of Amazon cloud security architects.
Therefore, only partners who specifically position security as a focus for their customers were invited. The content covered a variety of topics, including security best practices, threat modelling, multi-account strategies, DevSecOps, continuous compliance, security-as-code (SaC), secure CI/CD pipelines, and more.

Modern software and product development is highly dynamic and agile. The same applies to the (cloud) infrastructures in which these products are developed and operated.
A few years ago, the DevOps movement brought together two areas that were originally organizationally separate: developers and operations engineers merged into cross-functional teams. The situation is similar with security. With DevSecOps, application security shifts from being an annoying add-on to a valuable complement to product development in many modern software projects, adding another dimension to the DevOps team.

This makes it possible to deploy security as code, which brings additional continuous security benefits. For example, security can be handled as a new dimension in the quality testing process. All code can be tested with the regular software testing mechanisms that are already applied to the rest of the application. Because infrastructure is often scaled up and down automatically, security checks (for example, access rules and default passwords) can be verified automatically, too. Even a form of automated penetration testing can be applied more easily.

Are you interested in how to build security into your delivery pipeline without slowing down the entire lifecycle?
Is your relevant AWS security landscape hard to define?
Do you need support and ideas in security automation?
How do you reconcile the NIST pillars Identify, Protect, Detect, Respond, and Recover with AWS?

Contact us! We are happy to assist you.