DevSecOps: Are we reducing silos now?

DevSecOps manifesto

  1. Principles do not matter effect.
  2. What happens with the pre-requisites?
  3. What happens for low-regulated industries and companies?
  4. Is DevSecOps really about security?
  5. Are we reducing silos and making organizational changes now?

  1. How do we deploy security patches to all machines and services without downtime?
  2. How do we update configurations at runtime, without downtime, across a massive number of microservices?
  3. How do we reduce the attacker and reliability blast radius? Are they opposites after all?
  4. How do we rotate Kubernetes cluster keys? Can we rotate those keys? Are we using HTTPS? How do we know all this?
  5. How do we validate best practices at scale? Do we need to change the build process, or do we do it all manually?



Diego Pacheco

Brazilian, Software Architect, SWE (Java, Scala, Rust, Go), SOA & DevOps expert, Author. Working with EKS/K8S. (Opinions are my own)