![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms){kind=small}
Chris Nesbitt-Smith
Policy as [versioned] code - you're doing it wrong
#1about 7 minutes
Introducing the key personas in policy management
An allegorical story illustrates the conflicting perspectives of a CIO, product manager, developer, and operations staff on policy.
#2about 4 minutes
Why simply codifying policy is not enough
Codified policies often fail due to being kept secret, causing breaking changes during deployment, and generating warnings that are ignored in CI/CD pipelines.
#3about 5 minutes
Applying software patterns to policy management
The solution is to treat policy like a software dependency by making it visible, applying semantic versioning, and including tests.
#4about 4 minutes
Implementing versioned policy with modern tooling
A demonstration shows how to manage versioned policies for Terraform and Kubernetes using tools like Checkov, Kyverno, and Renovate for automated updates.
#5about 3 minutes
The cultural importance of purpose-driven policy
Effective policy requires a clear narrative explaining the risk it mitigates, which encourages collaboration and allows the policy to evolve with the business.
#6about 22 minutes
Q&A on policy culture, tooling, and security
The speaker answers audience questions about cultural challenges, tooling like OPA, supply chain attacks, and the role of risk management.
Related jobs
Jobs that call for the skills explored in this talk.
ROSEN Technology and Research Center GmbH
Osnabrück, Germany
Senior
TypeScript
React
+3
VECTOR Informatik
Stuttgart, Germany
Senior
Kubernetes
Terraform
+1
Matching moments
03:16 MIN
Improving the developer feedback loop with specialized tools
Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof
03:58 MIN
Making accessibility tooling actionable and encouraging
Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof
03:10 MIN
Why small companies shouldn't copy big tech processes
Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2
06:01 MIN
Navigating cultural shifts during rapid growth and investment
From Data Keeper to Culture Shaper: The Evolution of HR Across Growth Stages
02:48 MIN
Building trust through honest developer advocacy
Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3
05:12 MIN
How to build structure and culture without killing agility
From Data Keeper to Culture Shaper: The Evolution of HR Across Growth Stages
05:55 MIN
The security risks of AI-generated code and slopsquatting
Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2
01:06 MIN
Malware campaigns, cloud latency, and government IT theft
Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre
Featured Partners
Related Videos
1:00:00Un-complicate authorization maintenance
Alex Olivier
32:16Decoupled Authorization using Policy as Code
Anderson Dadario & Denys Vitali
26:23OPA for the cloud natives
Philipp Krenn
23:26Great DevEx and Regulatory Compliance - Possible?
Martin Reynolds
58:40Platform Engineering vs. DevOps Why not both?
Christian Strack
37:09Technology is Necessary, But Not Sufficient
Simon Copsey
24:313 Key Steps for Optimizing DevOps Workflows
Daniel Tao
30:40The Clean as You Code Imperative
Olivier Gaudin
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Zenstack Software Testing Ltd
Charing Cross, United Kingdom
Remote
Bash
YAML
Azure
DevOps
+8