Aarno Aukia

DevSecOps: Security in DevOps

A Swiss bank integrated automated security into their pipeline, proving you can achieve both agility and compliance. Here's how they did it.

#1 about 3 minutes

Understanding the evolution from waterfall to DevOps

The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.

#2 about 2 minutes

Why security must be integrated from the start

Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.

#3 about 5 minutes

Exploring the core principles of DevSecOps

A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.

#4 about 3 minutes

Automating security checks in the CI/CD pipeline

Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.

#5 about 3 minutes

Using containers to improve security and deployment

Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.

#6 about 6 minutes

Managing production complexity with container orchestration

While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.

#7 about 2 minutes

Centralizing security services in a Kubernetes ecosystem

The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.

#8 about 5 minutes

Case study of regulated deployments in banking

A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.

#9 about 4 minutes

Shifting from full-stack audits to additive governance

By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.
