Building a Security Program for SaaS Product Development


View Recording



View Slides


Image the following fictitious scenario: you are starting a new job as the first security engineer of a startup with a software-as-a-service (or platform-as-a-service) offering built on top of well known public cloud platforms with cloud-native technology.

Being the first person to tackle security as a full time job, this might seem light a monumental task.

How to quickly get a first overview of the current security posture? Where to start with security improvements? How to prioritize? How to define a security roadmap?

This talk will provide an overview on how to introduce security into a typical cloud based product from the ground up. Short-, medium- and long-term security activities will be discussed, with specific proposals what high impact topics should be addressed in the beginning.

We will cover a broad range, from technical topics, s.a. tooling for security automation, all the way to non-technical topics such as compliance.

Christian Bauer

Security engineer with a special focus on Cloud security.