In this episode, Jeffrey is discussing security in DevOps with his guest, Henry Been. Henry is an independent DevOps and Azure architect from the Netherlands. He enjoys working with development teams to create and deliver great software — and for him, this includes the full DevOps cycle; starting with discovering and planning new features and ending only when end users are satisfied. Henry’s interests include the Azure cloud, Agile, DevOps, software architecture and the design and implementation of testable and maintainable software. Next to his work, Henry is one of the Microsoft ALM DevOps Rangers — which is a group of 130 engineers worldwide who share professional guidance and create gap-filling solutions surrounding Azure.

 

Henry and Jeffrey discuss, in-depth, everything you want to know when it comes to security with DevOps. Henry offers advice on how to implement security into your DevOps practice, makes recommendations on how to be more secure at each stage of the software development application lifecycle, highlights possible vulnerabilities that you might want to watch out for, and offers tools you can utilize to combat this and up your security in your DevOps environment.

 

Topics of Discussion:

[:40] About today’s episode and featured guest expert.

[1:35] Jeffrey welcomes Henry to the podcast.

[1:41] What Henry has been up to of late.

[2:21] How Henry has found himself in the DevOps space.

[3:08] Henry shares some information about the ALM DevOps Rangers he is a part of.

[4:16] About the half-marathon Henry recently finished!

[5:50] How did the term DevSecOps come about? And what do people need to know about it?

[7:22] Henry offers advice on how to implement security into your DevOps practice.

[8:26] Henry’s recommendations for being more secure at each stage of the software development application lifecycle.

[12:47] The vulnerabilities of copying your database offsite.

[13:44] Is keeping your database offline more secure than having it online?

[14:04] A word from Azure DevOps sponsor: Clear Measure.

[14:29] Henry outlines ways to limit the surface area of personal access to environments.

[16:29] A vulnerability in the FCKeditor WYSIWYG HTML editor and how to avoid it.

[17:53] Henry and Jeffrey’s take on why many are fearful of a scheduled, automated deployment or redeployment.

[20:45] The work Henry has done with Azure Policy and how can help.

[24:04] One of the most vulnerable attack surfaces: any area that a human’s account has access to.

[24:41] What’s on the roadmap for Henry!

[26:32] How to keep up with Henry and everything he’s doing.

[27:02] Henry’s recommendations to those who want to learn more about security in their DevOps environment.

 

Mentioned in this Episode:

Azure DevOps

Azure DevOps User Group on Meetup

Microsoft ALM DevOps Rangers

DevSecOps

SQL Clone from Redgate

Redgate

Clear Measure (Sponsor)

Infrastructure as code

FCKeditor WYSIWYG HTML

Azure Policy

Henry’s Blog (HenryBeen.nl)

Henry’s Twitter @Henry_Been

 

Want to Learn More?

Visit AzureDevOps.Show for show notes and additional episodes.

 

Follow Up with Our Guest:

Henry Been’s LinkedIn

Henry’s Blog

Henry’s Twitter