My DevSecOps Journey

Intensity makes a good story, Consistency makes progress
- James Clear

I could say I have everything figured out while starting but that would be untrue. I have had this struggle of being consistent in learning in my tech journey for a while which was due to some circumstances beyond my control and some I would say procrastination. Early this year in January, I decided to be better and stay consistent in whatever I engage in. Having little knowledge on how to go about things. I was surfing my favorite social media, Twitter, and came across a tweet by Ruth Ikegah about booking a call with her to talk in her free time. I saw this as a great opportunity to connect and learn from her. I was elated and scheduled a call with her.

I have always admired those that stayed consistent in their tech journey and one of them is Ruth Ikegah. During the call, she encouraged me about public learning, documenting my learning journey, being creative, and how important it was to have a consistent learning pattern. This was a stepping stone!!!

I decided to commit to public learning with the hashtag #100DaysOfDevSecOps

Having completed She Code Africa Cloud School Cohort 2. I decided to take my learning in DevOps further by integrating security. I have always had a thing for security and with my knowledge of DevOps engineering, I decided to go into DevSecOps. For those that are curious or would be hearing the term DevSecOps for the first time.

DevSecOps stands for development, security, and operations. It’s an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle. - Red Hat

I will be giving a summary of all I have covered thus far during the first month of this journey.

Cybersecurity

To gain the basics of Cybersecurity, I enrolled in Cisco’s Intro to Cybersecurity course. The idealogy of security solely handled by the security team is untrue as this is a shared responsibility of the entire IT team. A model well known in the security industry is known as “The CIA triad” which represents Confidentiality, Integrity, and Availability. As much as certain organizations seem to implement various security practices, it is paramount that they take the CIA triad model seriously to avoid attacks. For example, a developer should ensure security best practices for application development are implemented without relying solely on the security team.

Networking

A good understanding of networking is also important in security. I signed up for Cisco’s Networking Essentials course to learn basic concepts on networking and also used the book “Computer Networks” by Andrew Tanenbaum, Nick Feamster, and David Wetherall as reference material for further learning. I learned how the internet is a worldwide collection of interconnected networks(“network of networks”) and how signals can be transmitted via three methods.

  • Electrical signals
  • Optical signals
  • Wireless signals.

The course has some hands-on labs on how to deploy devices and cable them using a simulated environment( Packet tracer). This is almost like a physical hands-on with everything in place to understand how devices are cabled. Below are images of some devices that I cabled using the packet tracer.

A simple diagram of devices connected to a router
Deployed and cabled devices using Cisco packet tracer

When it comes to networking, one model comes to mind more frequently, The OSI model. The Open Systems Interconnection Model(OSI) is a fundamental framework in networking that determines the various stages in which data is handled across a network. It simply breaks down what happens in the cables as well as the computer system. The OSI framework was made to solve compatibility issues across networks amongst other benefits (i.e Data sent across a network with the OSI model can be understood by other devices.)

Open Systems Interconnection Model

Docker

The process of building in different environments got simpler with Docker. I started out with TechWorld with Nana’s youtube video “Docker Tutorial for Beginners” this gave me an overview of what Docker entails, and how the executable docker container contains all that is required to run an application.

At a point, I felt confused and thought I wasn't on the right path and decided to seek direction. I reached out to Obinna Odirionye and he gave me insights on how to go about my learning. He also recommended courses that would be helpful in my journey. One of them was Docker for web developers from which I learned docker in-depth. At the end of the course, I was able to learn how to build docker images, push the images to docker hub, mount docker volumes, manage multiple docker images using docker-compose, and also had a brief introduction to Kubernetes.

Kubernetes

This was a new terrain to thread on as I had only learned about it without practical hands-on. Kubernetes is simply a container orchestrator used for automating, deploying, scaling, and managing containerized applications.

I started out with the Udemy course recommended by Obinna Odirionye for Kubernetes “Learn DevOps: The Complete Kubernetes Course”. I also used Kubernetes documentation as a reference to understand better. I began having an information overload 😥

At this point, I started struggling to learn, and then I knew I needed a break, so I took a break.

Back to learning Kubernetes, it was a bit easier. I began practicing the demos and trying out things. Thus far, I have learned how to create a Google Kubernetes Engine (GKE) cluster, create a Kubernetes cluster on Google cloud using kops, run an application on Kubernetes, scale pods horizontally with replication controller, create, updates, and roll back deployments amongst other basics.

Meanwhile, I am currently taking the beginner paths on the Security platform, Tryhackme which has given me practical experience on the basics of security. This article won’t be complete without my appreciation to those that have been helpful towards my learning journey by sharing resources, cheering me on, and always being ready to help me…..Ruth Ikegah, Wachukwu Emmanuel, Gigi Kenneth, Obinna Odirionye, Tammy Ogurinka, Fortune Ikechi, Edidiong Etuk, Tosin Amuda, Yaniv, @_4u2nv, Iretioluwa Akerele, @UwAboRTechInC

I am still on this learning journey and can’t wait to experience what the coming days have in store for me. I look forward to writing articles about individual learnings.

I hope you enjoyed this article, leave some claps👏 below if you did.

Merci🙏

--

--

--

DevSecOps

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

September 10, 2021 : PRV Token Weekly Recap

VulnHub: STAPLER: 1

{UPDATE} Las figuras geométricas y Los tipos de triángulos Hack Free Resources Generator

Are We Risking Our Security And Safety From Biosecurity?

What is a Distributed Denial-Of-Service Attack? Are You Protected

How to Transfer Domain Name From One Host to Another?

The underlying principle of SQL Injection Attack

TryHackMe: Ice

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Faith Kovi

Faith Kovi

DevSecOps

More from Medium

Visualizing Sound in the Wild

CS371p Spring 2022: Vincent Huynh

disquieting sentences (house — a rest)