Security And Governance In An IaC Defined World

While it would be amazing to focus 100% on our code in our work, the reality of modern DevOps is that we also need to worry about where it runs. In a simpler time, the operations team would grant us precious disk and machine resources after a requisition request. Security was tight, as those servers were locked down behind private networks and gateways. Living in the modern world of platforms as a service and infrastructure as code (IaC) means that taking security for granted is no longer an option.

Even if the security team could manage every possible bit of your infrastructure, understanding how to manage security better is going to help everyone stay safe, especially at scale.

Takeaways:

- What does good security look like?
- What can go wrong?
- The security issues (and benefits) IaC brings
- When the security team should be involved
- Local/individual testing for scale

mcdwayne
Developer Advocate at GitGuardian and huge fan of open source

https://drupal-govcon-2024.sessionize.com/session/692878
