1.It is more and more important to understand the related security risk and complexity as the penetration rate of IaC raises.
Currently Infra put a lot of efforts to establish IaC best practices, so it is less to involve IaC security general resource
and process, especially identity authentication and authorization solution or security risk control of network setting.
So engineers work hard on intrastructure security process to define ideal security strategy in CI/CD fast process.
2.At the same time, IaC security strategy and developer/maintenace personnel would react different warning, and establish
processing rules to each warning.
I work on DevOps and Security implementation to improve workflow.
Our goal is to find a balance between developement and maintenance to lower the security risk and cost, and
save the time to improve the quality of life.