DevSecOps Consultant for small & medium companies. I enjoy all things code and have 20 years of experience in Information Systems and Dev.
The goal of DevSecOps is to integrate all security checks, tests and audits in development pipelines so that security doesn’t slow down the development process and code is shipped securely. Security shouldn’t be an afterthought and I can help you make it part of your processes!
What you get:
- Consulting to understand the security you want to integrate into your existing processes.
- Advise on how to integrate
- Plan of action on how to implement
DevOps teams looking to implement security tools inside pipelines so that security is a part of the CI/CD process.
We provide consulting to understand your existing process, the technologies used and the goals you want to achieve so that we can create automated workflows that leverage your existing technologies like Microsoft Power Automate, Flow, ServiceNow, Jira, Powershell or Python.
Repetitive tasks often take a big part of your teams effort and with automated workflows you can spend that time innovating instead of repeating a set of tasks.
I often get asked this question and have helped a lot of businesses move from hosting provides to cloud providers like Amazon AWS, Microsoft Azure, Google Cloud Platform or Heroku and others. One of the advantages is that you manage or have visibility on the underlying technology hosting your site. Depending on the site you have you will need a virtual machine (old school), containers in Kubernetes or the best case will be to go serverless in the form of a Web App, Function or Lambda.
I agree on Google Analytics for simplicity but there are a lot of OSS tools you can also leverage if you want to keep your data private. Example: Elasticsearch has a lot of integrations to collect and graph website traffic.
The one thing I recommend clients in the Web3 space is to implement DevSecOps as part of their software development cycles. When you study breaches in this space they are often initiated by misconfigurations or bad practices so better to implement it right from the start so that you can be in business for the long run!
There are many ways to secure a website but my quick advise is to implement security at the early stages of your development. I've worked with a lot of developers and shown them how they can leverage tools like Snyk to review their code and provide fixes.
Most of the time security is done after the code is written and this causes delays. Some other times code reaches servers and then are scanned for vulnerabilities which is the same thing that hackers are doing to find exploits so I highly recommend DevSecOps as a start!