Resilient Cyber - Episode 9 - Matt Johnson

Infrastructure as Code (IaC)

Overview: In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson sit down with Matt Johnson from BridgeCrew.io to discuss the growing importance of infrastructure as code (IaC) and its role in enhancing security in today’s fast-paced, cloud-driven environments. Matt, a developer advocate at BridgeCrew, shares his insights on how IaC helps tackle traditional challenges in IT, such as asset inventory and security misconfigurations, by integrating security into the development process. The conversation also delves into the benefits of shifting security left, the role of compliance as code, and the challenges of managing security in dynamic, cloud-native infrastructures.

Highlights:

  • Infrastructure as Code (IaC): Matt explains how IaC allows organizations to track and version their infrastructure just like application code, making it easier to manage and secure dynamic environments.

  • Addressing Security Early: The episode emphasizes the importance of catching security issues early in the development lifecycle through tools like VS Code plugins that integrate security checks directly into the developer's workflow.

  • Compliance as Code: The discussion highlights the advantages of automating compliance checks within the CI/CD pipeline to ensure that security and compliance are maintained without slowing down development.

  • Challenges of Dynamic Environments: Matt discusses the difficulties of securing ephemeral cloud environments where infrastructure can change rapidly, underscoring the need for automated security and compliance checks.

  • Future of IaC and Security: The conversation touches on the future of IaC, including the potential for more standardized, templatized architectures that align with specific compliance requirements, and the ongoing need for a robust, automated security posture.