How to Secure DevOps


Manage episode 268412235 series 2285741
By Cloudcast Media. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Dan “Pop” Papandrea (@danpopnyc, Field CTO @Sysdig Host @PopcastPop) talks about securing DevOps, how to secure containers and runtimes, and the cultural challenges of security in an agile world.

SHOW: 460

PodCTL Podcast is Back (Enterprise Kubernetes) -

Topic 1 - Welcome to the show. I first got to know you through your podcast The POPcast, but you’re been around this evolution of the cloud for quite a while. Tell us a bit about your background.

Topic 2 - There’s a concept that’s now been around a couple years called “DevSecOps”. Originally it was “Sec” being jammed in there because it had been excluded from the early days of DevOps (at least in practice). Where are we with DevSecOps today?

Topic 3 - Let’s talk about DevSecOps in the context of containers. We now have things like Container Scanning, Container Signing, and Immutable Infrastructure and yet security still concerns people. Isn’t the “software supply chain” supposed to weed out the vulnerabilities before they get into the production systems?

Topic 4 - One of the challenges that companies have in adopting containers is that they were used to having root access to hosts, and containers live in the user space. How can security tools fit into a container world?

Topic 5 - As you talk to lots of companies, how are they dealing with the cultural challenges that go along with implementing DevSecOps?

Topic 6 - Any tips or suggestions you can share to help people avoid common DevSecOps mistakes, or accelerate best practices and wider adoption?


508 episodes