ICONIC 2025 | Introduction to Security DevOps & Kubernetes
Mike Ryan explores the evolving challenges of securing modern application development, focusing on DevSecOps principles and Kubernetes security. He discusses why security often lags in DevOps environments—citing cultural gaps, lack of incentives, and reactive approaches—and stresses the importance of "shifting left" to embed security earlier in the development lifecycle.
The session covers key security tools and practices (e.g. SAST, DAST, SBOMs, ASVS 4.0), and provides a detailed overview of Kubernetes architecture, threat models, and shared responsibility models. Mike also outlines common misconfigurations, real-world attack examples, and tools for securing clusters, workloads, and APIs.
The session closes with actionable insights on hardening Kubernetes environments, leveraging CI/CD tools, and aligning platform security with business needs.