Aarno Aukia

DevSecOps: Security in DevOps

A Swiss bank automated security into their pipeline, proving you can achieve both agility and compliance. Here's how they did it.

DevSecOps: Security in DevOps
#1about 3 minutes

Understanding the evolution from waterfall to DevOps

The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.

#2about 2 minutes

Why security must be integrated from the start

Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.

#3about 5 minutes

Exploring the core principles of DevSecOps

A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.

#4about 3 minutes

Automating security checks in the CI/CD pipeline

Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.

#5about 3 minutes

Using containers to improve security and deployment

Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.

#6about 6 minutes

Managing production complexity with container orchestration

While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.

#7about 2 minutes

Centralizing security services in a Kubernetes ecosystem

The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.

#8about 5 minutes

Case study of regulated deployments in banking

A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.

#9about 4 minutes

Shifting from full-stack audits to additive governance

By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Final advice for developers adapting to AI
03:07 MIN

Final advice for developers adapting to AI

WeAreDevelopers LIVE – AI, Freelancing, Keeping Up with Tech and More

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Using AI to overcome challenges in systems programming
02:49 MIN

Using AI to overcome challenges in systems programming

AI in the Open and in Browsers - Tarek Ziadé

The role of a freelancer integrated within a team
01:53 MIN

The role of a freelancer integrated within a team

WeAreDevelopers LIVE – AI, Freelancing, Keeping Up with Tech and More

The security challenges of building AI browser agents
06:33 MIN

The security challenges of building AI browser agents

AI in the Open and in Browsers - Tarek Ziadé

Building trust through honest developer advocacy
02:48 MIN

Building trust through honest developer advocacy

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Featured Partners

Related Videos

See all videos
DevSecOps: Injecting Security into Mobile CI/CD Pipelines45:08

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Moataz Nabil

DevSecOps culture16:00

DevSecOps culture

Ali Yazdani

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

Demystifying DevOps—Pros, cons, dos & don'ts51:13

Demystifying DevOps—Pros, cons, dos & don'ts

Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine:

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Get security done: streamlining application security with Aikido08:27

Get security done: streamlining application security with Aikido

Mia Neethling

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Related Articles

View all articles
AG
Andre Braun, GitLab
Now is the time for industrialized software development
Now is the time for industrialized software development Recently, I received a letter from my car’s manufacturer alerting me to a recall. They had discovered a defective part and wanted to replace it. It was easily fixed, and I might have forgotten a...
Now is the time for industrialized software development
DC
Daniel Cranney
Dev Digest 196: AI Killed DevOps, LLM Political Bias & AI Security
Inside last week’s Dev Digest 196 . ⚖️ Political bias in LLMs 🫣 AI written code causes 1 in 5 security breaches 🖼️ Is there a limit to alternative text on images? 📝 CodeWiki - understand code better 🟨 Long tasks in JavaScript 👻 Scare yourself into n...
Dev Digest 196: AI Killed DevOps, LLM Political Bias & AI Security

From learning to earning

Jobs that call for the skills explored in this talk.

DevOps Engineer

DevOps Engineer

Aark Tech Solution
Zürich, Switzerland

Azure
Kafka
DevOps
Python
Ansible
+5