Snyk Community

loading...

Discussion on: Hi all. Anyone else from a "traditional" pen testing background getting in to DevSecOps?

Collapse
durbin profile image
Joe Durbin Author

Hi Chris. I'm getting a handle on it. I've started by generalizing and getting the basic certs in AWS, Azure, GCP. Ive been living and breathing docker and kubernetes since the begging of covid. I've also been running a gitlab server and practicing CI/CD pipelines and getting runners configured etc. Ive also been on multiple cloud pentesting engagements so I have a good handle on the deployment environments.

Collapse
durbin profile image
Joe Durbin Author

Im trying to formulate an attack plan on which technologies I should be focused on

And as I'm not a developer I'm trying to work out how to get exposure to these types of environments to see where I can add value in terms of security guidance

I think my next hire will be a seasoned DevOps or DevSecOps engineer to bring some more resource in house