Session

Security as Code: From Rules to Reality

In this talk, we will share how we build "Security as Code" using tools and policy engines like OPA, cnspec, and k8s admission controllers.
We explain and demo how to discuss, develop, implement and practice key cloud-native security pieces for true defense in depth.
Beginning by clarifying what policies and best practices actually are, and where to source them.
From there, we’ll explore how to translate high-level security requirements into concrete technical policies, including how to implement, enforce, and maintain them effectively.
This will include all levels of the stack - from infrastructure (Terraform), to platform (Kubernetes), and to application (testing/SCA/scanning).
Finally, we’ll briefly discuss the practical challenges of establishing these practices in real-world environments and sustaining them during day-to-day operations.

Daniel Drack

Senior DevOps Engineer @ FullStackS GmbH | Community & Cloud Native Days Organizer

Graz, Austria

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top