Finding the path to #DevSecOps nirvana.

[ARCHIVED] A talk about my experiences automating security infrastructure in AWS at Xero. The end goal, things to consider in a security context, the 80/20 rule, convincing people and how to get started. Buzzwords include: DevOps, DevSecOps, AWS, Cloud, CI/CD, “.* as code”.

I’ve spent most of the last three years automating security infrastructure in AWS at Xero. I want to tell you about my journey, the end goal, what I learned on the way, how you can reap the most benefit from the least amount of effort and most of all how to get started.