Config Management Camp 2023 Ghent

Sefi Genis

As the CTO and Co-Founder of Firefly, Sefi Genis brings a wealth of experience to the table. Beginning his career in the prestigious 8200 Unit of the Israeli Intelligence Corps, he quickly transitioned into the world of security and developer tooling. At Dome9 Security (later acquired by Check Point), Sefi played a pivotal role as a founding engineer, and eventually took on the role of leading the Backend Infrastructure of the product post-acquisition. Before starting Firefly, he served as Head of Engineering for an Israeli cybersecurity startup company. Now, he is dedicated to building Firefly to assist engineers in navigating the complexities of cloud native operations.

Sessions

02-06
17:10
50min
Lessons Learned from Writing Thousands of Lines of IaC
Sefi Genis

Immutable architecture is the backbone of infrastructure as code: it ensures production environments cannot be changed at runtime. That brings inherent safety benefits, but it can also be restrictive and creates new challenges for security. Immutable concepts are much more effective when it comes to securing cloud-native environments and infrastructure, a task that is becoming increasingly complex.

This talk will focus on some of the fundamentals of immutable architecture, best practices, and recommended design patterns to work around its limitations and enhance security, as well as what you most certainly should not be doing when running immutable architecture both from an infrastructure and security perspective.

This will be demonstrated through a real-world example of deploying a single-tenant SaaS in an automated pipeline using Terraform, Kubernetes, and Step Functions, covering the typical challenges encountered and what was learned along the way.

B.1.015