I've compiled a package of security practices that can be applied iteratively in your DevOps team, and promised to share more material around this. But before we dive into the entire 'DevOps eight', I'd like to share four basic steps towards better security.

I started my professional career as a developer, and I've always been interested in security. About 10 years ago I moved over to focus primarily on cybersecurity and secure software development. As a consultant, I worked with multiple customers. We worked with secure software development and did a substantial amount of 'white-box security tests' - typically summarizing the findings in a report with recommended solutions and mitigations to customers. Each customer typically triggered such reviews once or twice a year, as one of the final steps in a release cycle...