Chris Nesbitt-Smith
Policy as [versioned] code - you're doing it wrong
#1 (about 7 minutes)
Introducing the key personas in policy management
An allegorical story illustrates the conflicting perspectives of a CIO, product manager, developer, and operations staff on policy.
#2 (about 4 minutes)
Why simply codifying policy is not enough
Codified policies often fail due to being kept secret, causing breaking changes during deployment, and generating warnings that are ignored in CI/CD pipelines.
#3 (about 5 minutes)
Applying software patterns to policy management
The solution is to treat policy like a software dependency by making it visible, applying semantic versioning, and including tests.
#4 (about 4 minutes)
Implementing versioned policy with modern tooling
A demonstration shows how to manage versioned policies for Terraform and Kubernetes using tools like Checkov, Kyverno, and Renovate for automated updates.
#5 (about 3 minutes)
The cultural importance of purpose-driven policy
Effective policy requires a clear narrative explaining the risk it mitigates, which encourages collaboration and allows the policy to evolve with the business.
#6 (about 22 minutes)
Q&A on policy culture, tooling, and security
The speaker answers audience questions about cultural challenges, tooling like OPA, supply chain attacks, and the role of risk management.
Matching moments
04:33 MIN
Demo of enforcing compliance with policy as code
Unleashing Potential Across Teams: The Power of Infrastructure as Code
03:42 MIN
The challenges of managing policies as code in Git
What we Learned from Reading 100+ Kubernetes Post-Mortems
02:24 MIN
Implementing automated guardrails instead of manual gates
Great DevEx and Regulatory Compliance - Possible?
02:49 MIN
Shifting security left to prevent incidents before deployment
OPA for the cloud natives
06:29 MIN
Introducing Policy as Code and Open Policy Agent
Decoupled Authorization using Policy as Code
01:22 MIN
Key principles for balancing developer speed and safety
Great DevEx and Regulatory Compliance - Possible?
02:25 MIN
Implementing and enforcing supply chain policies
Securing your application software supply-chain
07:10 MIN
Q&A: Implementing DevOps and advocating for change
Shifting Stress to Progress— Understanding DevOps to do DevOps Better
Related Videos
Platform Engineering vs. DevOps Why not both?
Christian Strack
From Monolith Tinkering to Modern Software Development
Lars Gentsch
What Developers Get Wrong About Application Quality
Chris Riley
Shipping Quality Software In Hostile Environments
Luka Kladaric
Open Source Secure Software Supply Chain in action
Natale Vinto
Plan CI/CD on the Enterprise level!
Pawel Piwosz
Climate vs. Weather: How Do We Sustainably Make Software More Secure?
Panel Discussion
Organizational Change Through The Power Of Why - DevSecOps Enablement
Nazneen Rupawalla