Session
Security as Code: From Rules to Reality
In this talk, we will share how we build "Security as Code" using tools and policy engines like OPA, cnspec, and k8s admission controllers.
We explain and demo how to discuss, develop, implement and practice key cloud-native security pieces for true defense in depth.
Beginning by clarifying what policies and best practices actually are, and where to source them.
From there, we’ll explore how to translate high-level security requirements into concrete technical policies, including how to implement, enforce, and maintain them effectively.
This will include all levels of the stack - from infrastructure (Terraform), to platform (Kubernetes), and to application (testing/SCA/scanning).
Finally, we’ll briefly discuss the practical challenges of establishing these practices in real-world environments and sustaining them during day-to-day operations.
Daniel Drack
Senior DevOps Engineer @ FullStackS GmbH | Community & Cloud Native Days Organizer
Graz, Austria
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top