Speaker

Alexandra Hou Aldershaab

DevOps Consultant at Eficode

Silkeborg, Denmark

Alexandra is a seasoned DevOps Consultant at Eficode. Having navigated diverse environments filled with legacy pipelines sprinkled with ancient scripts, she's become a passionate advocate for Developer Experience.
She is dedicated to optimising both technical processes (modern pipelines) and interpersonal dynamics (team collaboration), wholeheartedly believing that effective communication is crucial for delivering high-quality software and preventing burnout.

Area of Expertise

  • Information & Communications Technology
  • Media & Information

Topics

  • Psychological Safety
  • DevOps
  • Diversity & Inclusion
  • Automation & CI/CD
  • DevSecOps
  • GitHub
  • Developer Experience (DX)
  • CNCF
  • Developer Relations
  • Developer Culture
  • DevOps Agile Methodology & Culture
  • Retrospective

The Developer’s Nightmare: How To Survive Compliance Checklists (and Still Ship Fast)

You did it! The new feature you’ve been implementing is now ready and you can’t wait to ship it.

“Not so fast”. Oh no, it’s them: the guardians of compliance! You know what’s about to happen. You’ve been there before.

- Are you using any license that is not approved?
- Is there any CVE reported for the new dependencies you added?
- Can you guarantee the artifact running in production has not been tampered with?

Several checklists, paperwork, and meetings later, you’re finally approved for release. Not fun. Where did the developer joy go?

In this session, Alexandra and Thomas explore how to break the compliance barriers for developers, even in highly-regulated industries. The goal is to enhance the developer experience while letting the platform automate and enforce compliance and security checks.

You'll follow the mishaps of a developer and learn how to deal with compliance, using practical solutions based on OSS tools like Backstage, Dependency-Track, Sigstore and Buildpacks.

Death to the Spreadsheet: Breaking the Cycle of "Security Theater"

Compliance is not security, but for many organizations, they look identical: an annual fire drill of manual spreadsheets, stale screenshots, and "check-the-box" exercises. Pure Security Theater — a performance that satisfies auditors with a snapshot in time but fails to defend against a living threat landscape.
In this session, we’ll discuss how to dismantle the spreadsheet-driven security model and replace it with Applied DevSecOps. We will explore how to bridge the gap between static security requirements and the reality of high-velocity engineering.
Using CIS Control 16 as a practical lens, we will explore the blueprint for "Continuous Governance":

- Exposing the Theater: Why manual evidence collection (like inventories and static policies) is obsolete the moment a developer hits "merge."
- Building the "Paved Road": Shifting from manual "gates" to automated "guardrails" that live inside the IDE and CI/CD pipeline.
- Compliance as a Side Effect: How to architect your platform so that audit evidence is generated as a telemetry byproduct of the build process, rather than a manual post-mortem.
- The Culture of Ownership: Moving security responsibility to Platform Engineers and Team Leads without creating new bottlenecks.

Whether you are a Lead managing risk or a Practitioner tired of "compliance toil," you will leave with a practical take on turning any static security control into a living, automated part of your ecosystem.
