Aarno Aukia
DevSecOps: Security in DevOps
#1about 3 minutes
Understanding the evolution from waterfall to DevOps
The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.
#2about 2 minutes
Why security must be integrated from the start
Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.
#3about 5 minutes
Exploring the core principles of DevSecOps
A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.
#4about 3 minutes
Automating security checks in the CI/CD pipeline
Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.
#5about 3 minutes
Using containers to improve security and deployment
Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.
#6about 6 minutes
Managing production complexity with container orchestration
While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.
#7about 2 minutes
Centralizing security services in a Kubernetes ecosystem
The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.
#8about 5 minutes
Case study of regulated deployments in banking
A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.
#9about 4 minutes
Shifting from full-stack audits to additive governance
By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
08:53 MIN
Integrating security into the DevOps lifecycle with DevSecOps
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
00:17 MIN
The cultural shift from DevOps to DevSecOps
You can’t hack what you can’t see
00:45 MIN
The expanding role of developers in security
Vulnerable VS Code extensions are now at your front door
05:33 MIN
Integrating security earlier in the development lifecycle
Vulnerable VS Code extensions are now at your front door
04:46 MIN
Shifting security testing left in the development lifecycle
Vue3 practical development
28:42 MIN
Key lessons learned from implementing DevSecOps
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
14:01 MIN
Security is now a shared responsibility across all teams
The Evolving Landscape of Application Development: Insights from Three Years of Research
00:46 MIN
The expanding security responsibilities of developers
Vue3 practical development
Featured Partners
Related Videos
44:40Enabling automated 1-click customer deployments with built-in quality and security
Christoph Ruggenthaler
29:34You can’t hack what you can’t see
Reto Kaeser
51:41Climate vs. Weather: How Do We Sustainably Make Software More Secure?
Panel Discussion
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
45:19Security Challenges of Breaking A Monolith
Reinhard Kugler
1:41:05Maturity assessment for technicians or how I learned to love OWASP SAMM
Mathias Tausig
42:40Building Security Champions
Tanya Janca
44:00Enhancing Workload Security in Kubernetes
Dimitrij Klesev & Andreas Zeissner
From learning to earning
Jobs that call for the skills explored in this talk.