Aarno Aukia

DevSecOps: Security in DevOps

A Swiss bank automated security into their pipeline, proving you can achieve both agility and compliance. Here's how they did it.

DevSecOps: Security in DevOps
#1about 3 minutes

Understanding the evolution from waterfall to DevOps

The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.

#2about 2 minutes

Why security must be integrated from the start

Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.

#3about 5 minutes

Exploring the core principles of DevSecOps

A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.

#4about 3 minutes

Automating security checks in the CI/CD pipeline

Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.

#5about 3 minutes

Using containers to improve security and deployment

Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.

#6about 6 minutes

Managing production complexity with container orchestration

While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.

#7about 2 minutes

Centralizing security services in a Kubernetes ecosystem

The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.

#8about 5 minutes

Case study of regulated deployments in banking

A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.

#9about 4 minutes

Shifting from full-stack audits to additive governance

By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Videos

See all videos
Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

Maturity assessment for technicians or how I learned to love OWASP SAMM1:41:05

Maturity assessment for technicians or how I learned to love OWASP SAMM

Mathias Tausig

Building Security Champions42:40

Building Security Champions

Tanya Janca

Enhancing Workload Security in Kubernetes44:00

Enhancing Workload Security in Kubernetes

Dimitrij Klesev & Andreas Zeissner

From learning to earning

Jobs that call for the skills explored in this talk.