BSides London 2025

From Pipelines to Problems: My Early DevOps Lessons in Security Culture
2025-12-13 , Rookie Track 1

As part of my master’s program, I managed the deployment and DevOps pipeline for a student project, ExpensePal, a web-based expense tracker. Early on, security wasn't our focus. We were excited about automating builds with Jenkins, deploying to AWS, and seeing pipelines pass. But a small misconfiguration nearly exposed sensitive information, turning security from an afterthought into a critical concern.

In this rookie-level talk, I will share what this experience taught me about integrating security into DevOps workflows. I’ll cover mistakes we made, guidance from mentors, and small but powerful practices (peer reviews, secrets scanning, and IAM hygiene) that improved our deployment process.

This talk is aimed at beginners in DevOps and cloud environments. Attendees will learn that security isn’t an afterthought; it’s a mindset. Even newcomers can make a meaningful impact by embedding security into deployment practices from the start.


In this 15-minute rookie talk, I will share my first experiences managing the deployment and DevOps workflow for ExpensePal, a student project during my master’s program. While building the app was one challenge, the bigger learning came from setting up CI/CD pipelines with Jenkins and deploying to AWS. In the rush to automate and deliver, security was initially overlooked.

A small misconfiguration almost exposed sensitive data, highlighting both technical and cultural gaps: how teams approach security in deployments, communicate risks, and integrate safe practices into daily DevOps workflows. I’ll walk through the lessons learned, including implementing peer reviews for deployment changes, scanning pipelines for secrets, and following IAM best practices.

This talk emphasizes practical, beginner-friendly insights rather than advanced exploits. Attendees will see how even small, deliberate steps can embed security into DevOps workflows. By sharing my rookie journey through a real deployment project, I aim to encourage other newcomers to treat security as an integral part of development and deployment culture, not an afterthought.


Please confirm that I am a first-time speaker and have not spoken in public and will not be before the BSides London event date (14th December 2024): Yes

Prevail is a master’s student and DevOps practitioner with a background in software engineering and cloud deployments. She has hands-on experience building and managing CI/CD pipelines for web applications, including leading the deployment of ExpensePal, a full-featured student expense tracker. Passionate about bridging development and security, she focuses on sharing practical, beginner-friendly lessons that help newcomers see how security can be integrated into real-world DevOps workflows.