DevSec For Scale Podcast – Better Security Awareness for DevOps w/ Hila Fish, Wix
In this episode of the “DevSec for Scale” podcast, Jeremy Hess interviews Hila Fish, a senior DevOps engineer at Wix. Hila emphasizes the importance of cultivating a security mindset in DevOps from the start. She believes that consistently practicing security measures as part of daily routines can embed this mindset into regular workflows, making security a natural aspect of the development process.
Hila explains that DevOps engineers are uniquely positioned to be security-aware because they are responsible for the stability and security of the entire environment. Unlike developers, who focus on functionality, DevOps engineers must ensure that the infrastructure is both reliable and secure. This responsibility makes security a crucial part of their job, even if it isn’t explicitly stated in their job descriptions.
She also shares her philosophy on the relationship between DevOps and security, stressing the need for change and integration. Hila argues that if security is treated as an integral part of DevOps from the beginning, it will eventually become second nature. She highlights the importance of collaboration and proactive measures, such as limiting network access and implementing multi-factor authentication, to enhance security without hindering daily workflows.
In her tips for developers and DevOps engineers, Hila advises starting with a clean and secure setup when creating infrastructure. This includes limiting access, using multi-factor authentication, and securing secrets properly. She also underscores the importance of collaboration and open communication with security teams to identify and mitigate potential vulnerabilities. By incorporating these practices, engineers can help ensure the security of their systems and contribute to a safer overall environment.