In an ideal world, we would never need security as everyone is good and wouldn’t try to harm other people or in our case our precious deployments. Sadly we do not live in an ideal world and bad people will always try and take advantage of others.
Security therefore is a necessity but is still avoided by many engineers due to its perceived complexity and the effort required to implement good security. When I worked as a runtime engineer, I can shamefully say I also tried to avoid security unless necessary. Nowadays I know that to not be true. Sure, 10-15 years back, managing security was much more difficult but with the rise of automation this is much less of an issue. Most security issues are related to simple things that can be avoided with minimal effort.
This talk aims to shift the perception that good security is difficult to implement. I will talk about simple steps that you can take from development all the way to deployment that will help reduce the risk of your organisation being attacked and showcase some technologies that enable you to automate and mitigate security risks so you can be more efficient while reducing the risks that bad people take advantage of.