My DevSecOps Journey
Intensity makes a good story, Consistency makes progress
- James Clear
I could say I have everything figured out while starting but that would be untrue. I have had this struggle of being consistent in learning in my tech journey for a while which was due to some circumstances beyond my control and some I would say procrastination. Early this year in January, I decided to be better and stay consistent in whatever I engage in. Having little knowledge on how to go about things. I was surfing my favorite social media, Twitter, and came across a tweet by Ruth Ikegah about booking a call with her to talk in her free time. I saw this as a great opportunity to connect and learn from her. I was elated and scheduled a call with her.
I have always admired those that stayed consistent in their tech journey and one of them is Ruth Ikegah. During the call, she encouraged me about public learning, documenting my learning journey, being creative, and how important it was to have a consistent learning pattern. This was a stepping stone!!!
I decided to commit to public learning with the hashtag #100DaysOfDevSecOps
Having completed She Code Africa Cloud School Cohort 2. I decided to take my learning in DevOps further by integrating security. I have always had a thing for security and with my knowledge of DevOps engineering, I decided to go into DevSecOps. For those that are curious or would be hearing the term DevSecOps for the first time.
DevSecOps stands for development, security, and operations. It’s an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle. - Red Hat
I will be giving a summary of all I have covered thus far during the first month of this journey.
To gain the basics of Cybersecurity, I enrolled in Cisco’s Intro to Cybersecurity course. The idealogy of security solely handled by the security team is untrue as this is a shared responsibility of the entire IT team. A model well known in the security industry is known as “The CIA triad” which represents Confidentiality, Integrity, and Availability. As much as certain organizations seem to implement various security practices, it is paramount that they take the CIA triad model seriously to avoid attacks. For example, a developer should ensure security best practices for application development are implemented without relying solely on the security team.
A good understanding of networking is also important in security. I signed up for Cisco’s Networking Essentials course to learn basic concepts on networking and also used the book “Computer Networks” by Andrew Tanenbaum, Nick Feamster, and David Wetherall as reference material for further learning. I learned how the internet is a worldwide collection of interconnected networks(“network of networks”) and how signals can be transmitted via three methods.
- Electrical signals
- Optical signals
- Wireless signals.
The course has some hands-on labs on how to deploy devices and cable them using a simulated environment( Packet tracer). This is almost like a physical hands-on with everything in place to understand how devices are cabled. Below are images of some devices that I cabled using the packet tracer.
When it comes to networking, one model comes to mind more frequently, The OSI model. The Open Systems Interconnection Model(OSI) is a fundamental framework in networking that determines the various stages in which data is handled across a network. It simply breaks down what happens in the cables as well as the computer system. The OSI framework was made to solve compatibility issues across networks amongst other benefits (i.e Data sent across a network with the OSI model can be understood by other devices.)
The process of building in different environments got simpler with Docker. I started out with TechWorld with Nana’s youtube video “Docker Tutorial for Beginners” this gave me an overview of what Docker entails, and how the executable docker container contains all that is required to run an application.
At a point, I felt confused and thought I wasn't on the right path and decided to seek direction. I reached out to Obinna Odirionye and he gave me insights on how to go about my learning. He also recommended courses that would be helpful in my journey. One of them was Docker for web developers from which I learned docker in-depth. At the end of the course, I was able to learn how to build docker images, push the images to docker hub, mount docker volumes, manage multiple docker images using docker-compose, and also had a brief introduction to Kubernetes.
This was a new terrain to thread on as I had only learned about it without practical hands-on. Kubernetes is simply a container orchestrator used for automating, deploying, scaling, and managing containerized applications.
I started out with the Udemy course recommended by Obinna Odirionye for Kubernetes “Learn DevOps: The Complete Kubernetes Course”. I also used Kubernetes documentation as a reference to understand better. I began having an information overload 😥
At this point, I started struggling to learn, and then I knew I needed a break, so I took a break.
Back to learning Kubernetes, it was a bit easier. I began practicing the demos and trying out things. Thus far, I have learned how to create a Google Kubernetes Engine (GKE) cluster, create a Kubernetes cluster on Google cloud using kops, run an application on Kubernetes, scale pods horizontally with replication controller, create, updates, and roll back deployments amongst other basics.
Meanwhile, I am currently taking the beginner paths on the Security platform, Tryhackme which has given me practical experience on the basics of security. This article won’t be complete without my appreciation to those that have been helpful towards my learning journey by sharing resources, cheering me on, and always being ready to help me…..Ruth Ikegah, Wachukwu Emmanuel, Gigi Kenneth, Obinna Odirionye, Tammy Ogurinka, Fortune Ikechi, Edidiong Etuk, Tosin Amuda, Yaniv, @_4u2nv, Iretioluwa Akerele, @UwAboRTechInC
I am still on this learning journey and can’t wait to experience what the coming days have in store for me. I look forward to writing articles about individual learnings.
I hope you enjoyed this article, leave some claps👏 below if you did.