Security is important – but in my experience managers, product owners and developers often find themselves lost in translation once they attempt to map the “Security is very important to us” abstraction to features and userstories. How do you as a developer protect secrets such as passwords and connectionstrings without loosing flexibility in your development experience and how do you enforce security in your Continuous Integration and Delivery pipeline while maintaining 100% automation? During this talk I will de-mystify security as a concept, I will show lessons learned in previous projects and also show examples of security best-practises applied in a Continuous Integration and Deployment pipeline |