Victoria Almazova

Senior Security Architect, Microsoft

Victoria believes that empowering developers and architects in security tasks by helping with education will increase security level without increasing additional workload.

As a security expert with more than 16 years of experience, she’s worked in different business areas challenging different security states through a unique viewpoint and by adding a sense of humour.

Although Victoria is passionated about all areas of security, the most significant interest lies in DevSecOps, Identity and access management and Cloud Security. To Victoria, Zero Trust and  heavy focus on security in development by shifting it left, is the way to go.

You can find her either working for Microsoft and helping customers or on a stage, where she shares security practices sometimes in an opinionated and humorous way.

Best practices for securing CI/CD pipeline

DevOps practices are in a place; containers are everywhere, pipelines are flying. We do Agile. We do DevOps. Now we try to follow security practices for protecting the deployed resources, too. This is why DevSecOps is not hype anymore and is gaining more prominence. There is a lot of information about DevSecOps, but how to do it properly? Where to start? What are the best practices?

In this session, we will walk through an end-to-end scenario where we will deploy infrastructure components securely to Azure using Azure DevOps and GitHub, Azure Container Registry and security tools. We will build a pipeline with security in mind to protect and detect potential security flows during the build.

You will learn:

  • How to build end-to-end CI/CD pipeline that builds the application and deploys infrastructure on Azure with security checks for the application, containers and infrastructure;
  • What are the security tools available for CI/CD pipeline and how to implement them in the best way into different Git workflows;
  • Best practices and patterns of building security pipelines.