Azure & DevOps Podcast

Henry Been on Security with DevOps - Episode 012


Listen Later

In this episode, Jeffrey is discussing security in DevOps with his guest, Henry Been. Henry is an independent DevOps and Azure architect from the Netherlands. He enjoys working with development teams to create and deliver great software — and for him, this includes the full DevOps cycle; starting with discovering and planning new features and ending only when end users are satisfied. Henry’s interests include the Azure cloud, Agile, DevOps, software architecture and the design and implementation of testable and maintainable software. Next to his work, Henry is one of the Microsoft ALM DevOps Rangers — which is a group of 130 engineers worldwide who share professional guidance and create gap-filling solutions surrounding Azure.

 

Henry and Jeffrey discuss, in-depth, everything you want to know when it comes to security with DevOps. Henry offers advice on how to implement security into your DevOps practice, makes recommendations on how to be more secure at each stage of the software development application lifecycle, highlights possible vulnerabilities that you might want to watch out for, and offers tools you can utilize to combat this and up your security in your DevOps environment.

 

Topics of Discussion:

[:40] About today’s episode and featured guest expert.

[1:35] Jeffrey welcomes Henry to the podcast.

[1:41] What Henry has been up to of late.

[2:21] How Henry has found himself in the DevOps space.

[3:08] Henry shares some information about the ALM DevOps Rangers he is a part of.

[4:16] About the half-marathon Henry recently finished!

[5:50] How did the term DevSecOps come about? And what do people need to know about it?

[7:22] Henry offers advice on how to implement security into your DevOps practice.

[8:26] Henry’s recommendations for being more secure at each stage of the software development application lifecycle.

[12:47] The vulnerabilities of copying your database offsite.

[13:44] Is keeping your database offline more secure than having it online?

[14:04] A word from Azure DevOps sponsor: Clear Measure.

[14:29] Henry outlines ways to limit the surface area of personal access to environments.

[16:29] A vulnerability in the FCKeditor WYSIWYG HTML editor and how to avoid it.

[17:53] Henry and Jeffrey’s take on why many are fearful of a scheduled, automated deployment or redeployment.

[20:45] The work Henry has done with Azure Policy and how can help.

[24:04] One of the most vulnerable attack surfaces: any area that a human’s account has access to.

[24:41] What’s on the roadmap for Henry!

[26:32] How to keep up with Henry and everything he’s doing.

[27:02] Henry’s recommendations to those who want to learn more about security in their DevOps environment.

 

Mentioned in this Episode:

Azure DevOps

Azure DevOps User Group on Meetup

Microsoft ALM DevOps Rangers

DevSecOps

SQL Clone from Redgate

Redgate

Clear Measure (Sponsor)

Infrastructure as code

FCKeditor WYSIWYG HTML

Azure Policy

Henry’s Blog (HenryBeen.nl)

Henry’s Twitter @Henry_Been

 

Want to Learn More?

Visit AzureDevOps.Show for show notes and additional episodes.

 

Follow Up with Our Guest:

Henry Been’s LinkedIn

Henry’s Blog

Henry’s Twitter

...more
View all episodesView all episodes
Download on the App Store

Azure & DevOps PodcastBy Jeffrey Palermo

  • 4.5
  • 4.5
  • 4.5
  • 4.5
  • 4.5

4.5

19 ratings


More shows like Azure & DevOps Podcast

View all
Hanselminutes with Scott Hanselman by Scott Hanselman

Hanselminutes with Scott Hanselman

377 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

272 Listeners

.NET Rocks! by Carl Franklin and Richard Campbell

.NET Rocks!

244 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

283 Listeners

The Cloudcast by Massive Studios

The Cloudcast

153 Listeners

Thoughtworks Technology Podcast by Thoughtworks

Thoughtworks Technology Podcast

40 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

622 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

202 Listeners

Data Engineering Podcast by Tobias Macey

Data Engineering Podcast

141 Listeners

Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

Syntax - Tasty Web Development Treats

986 Listeners

The freeCodeCamp Podcast by freeCodeCamp.org

The freeCodeCamp Podcast

484 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

189 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

The Stack Overflow Podcast by The Stack Overflow Podcast

The Stack Overflow Podcast

62 Listeners

The Real Python Podcast by Real Python

The Real Python Podcast

139 Listeners