Aarno Aukia
DevSecOps: Security in DevOps
#1about 3 minutes
Understanding the evolution from waterfall to DevOps
The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.
#2about 2 minutes
Why security must be integrated from the start
Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.
#3about 5 minutes
Exploring the core principles of DevSecOps
A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.
#4about 3 minutes
Automating security checks in the CI/CD pipeline
Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.
#5about 3 minutes
Using containers to improve security and deployment
Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.
#6about 6 minutes
Managing production complexity with container orchestration
While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.
#7about 2 minutes
Centralizing security services in a Kubernetes ecosystem
The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.
#8about 5 minutes
Case study of regulated deployments in banking
A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.
#9about 4 minutes
Shifting from full-stack audits to additive governance
By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
08:53 MIN
Integrating security into the DevOps lifecycle with DevSecOps
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
42:21 MIN
The modern DevSecOps approach to application security
Maturity assessment for technicians or how I learned to love OWASP SAMM
00:09 MIN
The evolution from traditional security to DevSecOps
DevSecOps culture
07:13 MIN
Integrating security into the DevOps lifecycle (DevSecOps)
Demystifying DevOps—Pros, cons, dos & don'ts
00:17 MIN
The cultural shift from DevOps to DevSecOps
You can’t hack what you can’t see
02:27 MIN
DevSecOps is a culture, not just a set of tools
DevSecOps culture
15:05 MIN
Scaling AppSec teams by empowering developers
Why Security-First Development Helps You Ship Better Software Faster
37:12 MIN
The future of DevOps is system hardening and security
Demystifying DevOps—Pros, cons, dos & don'ts
Featured Partners
Related Videos
16:00DevSecOps culture
Ali Yazdani
44:40Enabling automated 1-click customer deployments with built-in quality and security
Christoph Ruggenthaler
45:08DevSecOps: Injecting Security into Mobile CI/CD Pipelines
Moataz Nabil
51:13Demystifying DevOps—Pros, cons, dos & don'ts
Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine:
24:01What The Hack is Web App Sec?
Jackie
08:27Get security done: streamlining application security with Aikido
Mia Neethling
29:34You can’t hack what you can’t see
Reto Kaeser
51:41Climate vs. Weather: How Do We Sustainably Make Software More Secure?
Panel Discussion
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
DevSecOps Engineer Jr-Mid | Remote | *Attention - developers with a passion for security*
Punk Security Ltd.
Remote
€30-40K
Junior
Docker
Node.js
Kubernetes
+1