The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.
Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.
A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.
Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.
Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.
While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.
The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.
A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.
By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.
44:40Christoph Ruggenthaler
29:34Reto Kaeser
51:41Panel Discussion
44:30Milecia McGregor
45:19Reinhard Kugler
1:41:05Mathias Tausig
42:40Tanya Janca
16:00Ali Yazdani
Jobs that call for the skills explored in this talk.
D-Wave Quantum Inc.
Portland, United States of America
Decentralized Masters
Charing Cross, United Kingdom
DevSecOps, Inc.
Atlanta, United States of America
Punk Security Ltd.
NTT DATA Österreich GmbH
