Recap: Microsoft DevOps Forum 2021 – DevOps & Security
Earlier this month I had the honor to speak at the second Microsoft DevOps Forum, this time with a focus on DevSecOps.
The featured talks covered everything from the basics of DevSecOps to details like how to achieve higher security by using features and best practices provided by Microsoft Azure and GitHub. These ranged from Azure Security Center, Azure Sentinel, GitHub CodeQL and other GitHub Advanced Security features to open source tools.
My talk focused on DevSecOps for small and medium teams and businesses, and on how they can start their cloud security journey by introducing their first security features as quick wins.
“Start small and grow”
This is one of the most important aspects. When starting with DevSecOps you should focus on best practices and quick wins first. This helps you to introduce cloud security into your workflows without slowing down your teams. It also helps you to get the first parts into production fast (where they can help you) instead of iterating on a theoretical big picture. Then iterate and introduce more security features over time.
Second, try to implement DevSecOps throughout the whole DevOps cycle. Do not limit security to the operations stage. Move security as far to the left as possible and integrate it into all DevOps stages. Raise security awareness across your entire team so that your application architecture is designed with security in mind. Run code analysis in pull requests to detect security vulnerabilities before they get merged into the main branch. These are just a few of numerous examples.
Be sure to check out my slides for even more useful insights.
You can also replay the whole event, including all talks (German only), by registering here.