Snyk Community

Discussion on: Hi all. Anyone else from a "traditional" pen testing background getting in to DevSecOps?

SnykCommunity

Yes, did this a few years ago! Took some reading and going to the right conferences, listening to podcasts etc. Totally worth it 🙂
Tbh I have always been coding in university/spare time, which helps

Let me know if you need advice on something specific

Joe Durbin Author

Hi Chris. I'm getting a handle on it. I've started by generalizing and getting the basic certs in AWS, Azure, GCP. I've been living and breathing Docker and Kubernetes since the beginning of COVID. I've also been running a GitLab server and practicing CI/CD pipelines and getting runners configured etc. I've also been on multiple cloud pentesting engagements so I have a good handle on the deployment environments.

Joe Durbin Author

I'm trying to formulate an attack plan on which technologies I should be focused on.

And as I'm not a developer, I'm trying to work out how to get exposure to these types of environments to see where I can add value in terms of security guidance.

I think my next hire will be a seasoned DevOps or DevSecOps engineer to bring some more resource in house.