Stefania

Compliance and Shifting Security Left @ Eficode DevOps Experience Aarhus 16th September



On a mild September morning I made my way to Aarhus, the second biggest city in Denmark 🇩🇰 for Eficode's first DevOps Experience. The event was hosted in the Aarhus International Sailing Centre with beautiful panoramic ocean views as we discussed trends and challenges of DevOps in an intimate professional setting 🌊



Marko Klemetti, CTO of Eficode, started us off discussing 'what's happening in DevOps world and future trends'. It was a thought-provoking session with many themes including value streams (from ticket to deployment), identifying current state and manual processes and sharing industry stats. #didyouknow 47% of orgs have not defined continuous security responsibility!? My personal highlight was bringing up the Mars rover: if that can be updated, so can your software! 👽



After Marko's session, post-its were distributed amongst the attendees and we were each asked to write the current challenge we were facing or what was top of our mind. We each came to the front to briefly introduce ourselves and explain the post-it, placing it on a whiteboard. Then we voted with dots on the whiteboard. The two most popular were discussed: Compliance and How to Shift Security Left (DevSecOps)



After the discussion, I took the stage with "Securing DevOps with GitLab: How to embed security within the software delivery process". I presented two use cases: what happens when you get 10k vulnerabilities at the end of the software development lifecycle vs when you empower each developer to fix their vulnerabilities when they are introduced? 🤔 By shifting left with Security and running scans within existing workflows, developers can identify issues as part of a commit, resulting in fewer vulnerabilities in production, lower levels of deployment pain and better organisational performance. I left the audience with some further reading including a GitLab DevSecOps blog series, DevSecOps by Glenn Wilson and Gene Kim favourites: Phoenix + Unicorn Project and Accelerate 🚀



We stopped for lunch, a delicious spread including a vegan option, and then Kim Ouzman from Secure Code Warrior talked us through compliance, requirements and the hotpot of standards organisations have to adhere to 🫕 During the Q&A she demoed the SCW Jira integration and I saw my (deactivated) name as workplace admin, nice to know my legacy lives on at my previous employer 🥰



For the final session Kalle Sirkesalo hosted an ask me anything, which to my delight included pen-on-whiteboard architectures 🧑‍🎨 He discussed nuances between cloud providers, accounts, aliases and Active Directory. We finished with a recap of the day and information on the upcoming 'The DevOps Conference', hosted by Eficode 🤩



Overall an excellent event! I love listening to organisations, finding out their current state, what is top of their mind, before presenting. Eficode facilitated this with ease and I highly recommend working with them 💯 Check out my 'Coming up' page to see where I'm speaking next or get in touch if you'd like me to speak at your company or event 🎙️


Thanks for reading ❣️

@devstefops 👩🏽‍💻🌴💗
