Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevSecOps for the modern cloud era
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Gurucharan Subramani
February 01, 2020
Programming
0
26
DevSecOps for the modern cloud era
Gurucharan Subramani
February 01, 2020
Tweet
Share
More Decks by Gurucharan Subramani
See All by Gurucharan Subramani
Serverless and AI Fun with Azure
gurucharan94
0
100
Other Decks in Programming
See All in Programming
Amazon Bedrockを活用したRAGの品質管理パイプライン構築
tosuri13
5
710
AI巻き込み型コードレビューのススメ
nealle
1
300
並行開発のためのコードレビュー
miyukiw
0
170
「ブロックテーマでは再現できない」は本当か?
inc2734
0
1k
IFSによる形状設計/デモシーンの魅力 @ 慶應大学SFC
gam0022
1
300
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
rkaga
4
2k
FOSDEM 2026: STUNMESH-go: Building P2P WireGuard Mesh Without Self-Hosted Infrastructure
tjjh89017
0
170
Raku Raku Notion 20260128
hareyakayuruyaka
0
130
Smart Handoff/Pickup ガイド - Claude Code セッション管理
yukiigarashi
0
140
CSC307 Lecture 09
javiergs
PRO
1
840
それ、本当に安全? ファイルアップロードで見落としがちなセキュリティリスクと対策
penpeen
7
3.9k
360° Signals in Angular: Signal Forms with SignalStore & Resources @ngLondon 01/2026
manfredsteyer
PRO
0
130
Featured
See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
356
21k
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
76
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
940
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
9.5k
Believing is Seeing
oripsolob
1
55
Game over? The fight for quality and originality in the time of robots
wayneb77
1
120
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Marketing to machines
jonoalderson
1
4.6k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
117
110k
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
220
Transcript
Security Mindset : Actionable DevSecOps Guide for the brave new
cloud era Gurucharan Subramani www.gurucharan.in
ME !! MEEEEE !!! @gurucharan94 • I work at ABB.
• IoT - Electric Transportation Charging Infra • Reduce C02 Emissions and fight climate change.
@gurucharan94 Audience Survey • Did you make a new friend
?? • Developers ?? Operations ?? Security ?? • How many know Diffie-Hellman Key Exchange??
DevSecOps @gurucharan94 Once upon a time…. • Silo teams –
Dev / Test / Ops / Sec • Release every 3 months or longer. • Code freezes, hand offs and lot of emails. • On premises servers
DevSecOps @gurucharan94 …. and that meant we ended up here.
DevSecOps @gurucharan94 We partly solved the problem with the Cloud,
DevOps and Continuous Delivery Principles.
DevSecOps @gurucharan94 … but faster release cycles and the cloud
adoption meant traditional security gates were becoming irrelevant.
@gurucharan94 DevSecOps Code Build Unit Tests Test Env Integration Tests
Security Tests Prod Let us find out how to go from here….. Code Build Unit Tests Integration Tests Prod Security Tests ….. to here
@gurucharan94 DevSecOps and more importantly from here… to here…
@gurucharan94 Secure Coding Practices Code Build Unit Tests Integration Tests
Prod Security Tests
@gurucharan94 DevSecOps What is vulnerable code ? • Allows SQL
Injection, XSS etc. • OWASP and other vulnerabilities. • Hard coded credentials in code
@gurucharan94 DevSecOps Where is the vulnerable piece of code ??
• Code that my colleague writes • Open source software
@gurucharan94 DevSecOps Static Code Analysis Visual Studio Extensions • Security
Code Scan • SonarQube and SonarLint https://security-code-scan.github.io/ https://www.sonarlint.org/
@gurucharan94 DevSecOps Managed Identity helps you avoid hardcode credentials in
code https://devblogs.microsoft.com/visualstudio/managing-secrets-securely-in-the-cloud/
@gurucharan94 DevSecOps State of the Software Supply Chain - Sonatype
@gurucharan94 DevSecOps Scan for libraries with vulnerabilities • WhiteSource •
OWASP Dependency Check • Nexus etc.
@gurucharan94 Secure Infrastructure Practices Code Build Unit Tests Integration Tests
Prod Security Tests
@gurucharan94 DevSecOps Securing your Infrastructure • Pipeline Infra • Application
Infra
@gurucharan94 DevSecOps •HTTPS Everywhere •Protecting your pipelines •Principle of least
privilege •Secure Communication – IoT Devices
@gurucharan94 DevSecOps Shared Security Responsibility in the cloud https://docs.microsoft.com/en- us/azure/security/fundamentals/shared-responsibility
@gurucharan94 DevSecOps AzSK – Secure DevOps Kit for Azure The
Secure DevOps Kit for Azure is a PowerShell Module that tests the configuration of Azure resources for security and operational best practices. https://github.com/azsk/DevOpsKit
@gurucharan94 DevSecOps AzSK – Secure DevOps Kit for Azure
@gurucharan94 DevSecOps Assuming Breach • Red Teams and Pen Testing
• Monitoring and Metrics • Incident Response Plan
@gurucharan94 DevSecOps Recap – Secure Code • Static Code Analysis
– SonarQube and VS extensions • Azure Key Vault and Managed Identity • OSS Vulnerability Scans - WhiteSource
@gurucharan94 DevSecOps Recap – Secure Infra • Right access levels
and permissions. • Secure Communication using HTTPS. • Shared Responsibility Model in the Cloud. • AzSK – Azure Security Kit
@gurucharan94 How cyber aware are you?? • The first /
last char in your office password is a number • Password Manager? • HIBP ?
@gurucharan94 DON’T YOLO. BE CYBER AWARE. DON’T BE THE NEXT
DATA BREACH.
@gurucharan94 Let’s Connect www.gurucharan.in
@gurucharan94 Thank You !!!
gurucharan94
tosuri13
nealle
miyukiw
inc2734
gam0022
rkaga
tjjh89017
hareyakayuruyaka
yukiigarashi
javiergs
penpeen
manfredsteyer
jeffersonlam
tmiket
tamaranovitovic
aleyda
oripsolob
wayneb77
malarkey
pedronauck
jonoalderson
aarron
twada
baasie
