
Basic Security

There are some fundamental security concepts you really need to know coming into this industry. Without knowing these basics you'll struggle to create secure solutions for clients/customers, and you'll be unable to talk the talk with others in the industry. Security has always been important, but as time passes the average computer user is becoming more vulnerable to scams and businesses are being attacked more often. It's our responsibility to build platforms and solutions that are secure from inception until they are decommissioned.

Wikipedia defines computer security as:

Computer security, cybersecurity, or information technology security (IT security) is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. - https://en.wikipedia.org/wiki/Computer_security

We're going to focus on cybersecurity and what you can do to build more secure solutions from the beginning, but we have to be careful too, because cybersecurity is an even bigger topic than networking is. If we're not careful we'll overthink this and study the topic way too much.

Basic Concepts

Let's focus on a few key areas that I know will enable you to be a great security-conscious engineer in a DevOps environment:

  • Data Security
  • Transport Security
  • Password and Secrets Management
  • Continuous Integration
  • OWASP

Data

| Topic | Resource Location | Link |
|---|---|---|
| Encryption Basics | Kaspersky | Kaspersky Encyclopedia |
| Symmetric Encryption | Kaspersky | Kaspersky Encyclopedia |
| Asymmetric Encryption (Public Key Encryption) | Kaspersky | Kaspersky Encyclopedia |
| Full Disk Encryption | Kaspersky | Kaspersky Encyclopedia |

Transport

| Topic | Resource Location | Link |
|---|---|---|
| Transport Layer Security (TLS) | Kaspersky | Kaspersky Encyclopedia |
| Virtual Private Network (VPN) | Kaspersky | Kaspersky Encyclopedia |
| mTLS (Zero Trust) | Wikipedia | mTLS |

Authentication

| Topic | Resource Location | Link |
|---|---|---|
| Password Management | Wikipedia | Password Manager |
| Multi Factor Authentication | Wikipedia | Multi-factor Authentication |
| OAuth | Wikipedia | OAuth |
| OpenID Connect | Wikipedia | OpenID Connect (OIDC) |
| Single Sign-on | Wikipedia | Single Sign-on |

OWASP

This is an interesting topic. I'm including this here as I believe things like the OWASP Top Ten are security concerns you should be aware of. Security testing is something you should consider looking at in the future. These are things that are interesting and will definitely help you in the long run, but don't stress too much about the below.

| Topic | Resource Location | Link |
|---|---|---|
| Top Ten | OWASP | owasp.org |
| Top 10 Low-Code/No-Code Security Risks | OWASP | owasp.org |
| Security Knowledge Framework | OWASP | owasp.org |
| Web Security Testing Guide | OWASP | owasp.org |