Episode 24: Putting The Sec Into DevOps
SilverLining IL - A podcast by MarkeTech Group
Categories:
Attendees Guest: Dima Revelis Guest title: Senior Devops engineer Company: MoonActive Abstract DevsecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we use the expertise of Dima Revelis in order to dive deep into understanding DevOps practices, what is CI/ CD pipeline and which security tools are relevant for all of those new practices. Timing: 0:00 - Introducing our guest 2:50 - What is devops 7:50 - What is deployment pipeline 14:20 - What is CI and which security testing can be implemented 17:20 - What is CD and which security consideration 18:40 - Dive deeper into security testing - QA, code review, static & dynamic analysis 20:45 - So much automation, do we still need manual testing? 22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management 26:40 - Availability considerations and disaster recovery 33:30 - Summary and final words