Chris Nesbitt-Smith
Policy as [versioned] code - you're doing it wrong
#1 (about 7 minutes)
Introducing the key personas in policy management
An allegorical story illustrates the conflicting perspectives of a CIO, product manager, developer, and operations staff on policy.
#2 (about 4 minutes)
Why simply codifying policy is not enough
Codified policies often fail due to being kept secret, causing breaking changes during deployment, and generating warnings that are ignored in CI/CD pipelines.
#3 (about 5 minutes)
Applying software patterns to policy management
The solution is to treat policy like a software dependency by making it visible, applying semantic versioning, and including tests.
#4 (about 4 minutes)
Implementing versioned policy with modern tooling
A demonstration shows how to manage versioned policies for Terraform and Kubernetes using tools like Checkov, Kyverno, and Renovate for automated updates.
#5 (about 3 minutes)
The cultural importance of purpose-driven policy
Effective policy requires a clear narrative explaining the risk it mitigates, which encourages collaboration and allows the policy to evolve with the business.
#6 (about 22 minutes)
Q&A on policy culture, tooling, and security
The speaker answers audience questions about cultural challenges, tooling like OPA, supply chain attacks, and the role of risk management.