Aarno Aukia

DevSecOps: Security in DevOps

A Swiss bank automated security into their pipeline, proving you can achieve both agility and compliance. Here's how they did it.

DevSecOps: Security in DevOps
#1about 3 minutes

Understanding the evolution from waterfall to DevOps

The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.

#2about 2 minutes

Why security must be integrated from the start

Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.

#3about 5 minutes

Exploring the core principles of DevSecOps

A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.

#4about 3 minutes

Automating security checks in the CI/CD pipeline

Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.

#5about 3 minutes

Using containers to improve security and deployment

Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.

#6about 6 minutes

Managing production complexity with container orchestration

While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.

#7about 2 minutes

Centralizing security services in a Kubernetes ecosystem

The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.

#8about 5 minutes

Case study of regulated deployments in banking

A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.

#9about 4 minutes

Shifting from full-stack audits to additive governance

By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Integrating security into the DevOps lifecycle with DevSecOps
04:42 MIN

Integrating security into the DevOps lifecycle with DevSecOps

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

The modern DevSecOps approach to application security
04:29 MIN

The modern DevSecOps approach to application security

Maturity assessment for technicians or how I learned to love OWASP SAMM

The evolution from traditional security to DevSecOps
02:18 MIN

The evolution from traditional security to DevSecOps

DevSecOps culture

Integrating security into the DevOps lifecycle (DevSecOps)
05:52 MIN

Integrating security into the DevOps lifecycle (DevSecOps)

Demystifying DevOps—Pros, cons, dos & don'ts

The future of DevOps is system hardening and security
05:26 MIN

The future of DevOps is system hardening and security

Demystifying DevOps—Pros, cons, dos & don'ts

The cultural shift from DevOps to DevSecOps
03:26 MIN

The cultural shift from DevOps to DevSecOps

You can’t hack what you can’t see

Communication is key to a successful DevSecOps journey
00:44 MIN

Communication is key to a successful DevSecOps journey

DevSecOps culture

The expanding role of developers in security
04:48 MIN

The expanding role of developers in security

Vulnerable VS Code extensions are now at your front door

Featured Partners

Related Videos

See all videos
Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

Maturity assessment for technicians or how I learned to love OWASP SAMM1:41:05

Maturity assessment for technicians or how I learned to love OWASP SAMM

Mathias Tausig

Building Security Champions42:40

Building Security Champions

Tanya Janca

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Related Articles

View all articles
AG
Andre Braun, GitLab
Now is the time for industrialized software development
Now is the time for industrialized software development Recently, I received a letter from my car’s manufacturer alerting me to a recall. They had discovered a defective part and wanted to replace it. It was easily fixed, and I might have forgotten a...
Now is the time for industrialized software development
DC
Daniel Cranney
Dev Digest 196: AI Killed DevOps, LLM Political Bias & AI Security
Inside last week’s Dev Digest 196 . ⚖️ Political bias in LLMs 🫣 AI written code causes 1 in 5 security breaches 🖼️ Is there a limit to alternative text on images? 📝 CodeWiki - understand code better 🟨 Long tasks in JavaScript 👻 Scare yourself into n...
Dev Digest 196: AI Killed DevOps, LLM Political Bias & AI Security

From learning to earning

Jobs that call for the skills explored in this talk.

DevSecOps

DevSecOps

Xebia
Retortillo de Soria, Spain

GIT
Terraform
Continuous Integration
Amazon Web Services (AWS)
DevOps Engineer

DevOps Engineer

Aark Tech Solution
Zürich, Switzerland

Azure
Kafka
DevOps
Python
Ansible
+5