This class was created by Brainscape user Ivan ..

Decks in this class (16)

Security Fundamentals
This deck teaches the minimum security fundamentals you must reason with in DevSecOps: what cryptographic primitives do, how keys and signatures are used, how certificates and PKI determine trust, what TLS/HTTPS/mTLS protect (and do not), and how identity, credentials, tokens, and secrets behave in real systems. It is built to support interview explanations by focusing on concrete checks and decisions systems make.
55 cards
Identity and Access
This deck teaches how identity and access systems decide who is calling, what proof they accept, and what actions are allowed, for both humans and services. It focuses on the exact checks systems perform (verification, token validation, policy evaluation, boundary enforcement, and mTLS identity) so you can explain real-world behavior and failure impact in interviews without relying on vague definitions.
25 cards
Tokens and Authentication Protocols
This deck teaches how token-based authentication protocols work in real systems: what tokens are versus credentials, how bearer tokens behave in APIs, and how servers validate lifetime, rotation, scopes, and audience. It also builds clear mental models for OAuth 2.0 and OpenID Connect (OIDC), explains how SSO and federation relate, and covers the common implementation failures that cause token theft, replay, wrong-audience acceptance, or identity confusion.
22 cards
Secrets and Key Management
This deck teaches how systems handle secrets and cryptographic material in practice: where secrets can be stored safely, how they get injected into runtimes, how rotation actually works, and the most common leak paths. It also clarifies the applied differences between secrets, keys, and certificates, builds accurate mental models for KMS and HSM, and explains envelope encryption so you can reason about compromise impact and recovery steps in interviews.
22 cards
CI/CD and Supply Chain Security
This deck teaches how CI/CD supply chain security works at the system level: what a build artifact is, how immutability and reproducibility change trust, how artifact signing and provenance are validated, and how dependency trust is established or broken. It also maps CI trust boundaries and the most common breach paths so you can explain, in interviews, exactly how attackers move from source code or CI to production and what checks stop them.
24 cards
Runtime and Networking Security
This deck teaches what runtime and networking controls actually check and enforce: which network flows are allowed, how services authenticate and authorize other services, what a process is permitted to do at runtime, and how isolation boundaries limit blast radius. It also covers how attackers move laterally after one foothold, how containment works mechanically, and how “zero trust” is implemented as repeated per-request verification rather than a network assumption.
23 cards
Cloud, IaC, and Governance
This deck teaches how cloud governance works mechanically when infrastructure is defined as code: what fails in Infrastructure as Code (IaC), how policy as code evaluates changes, which IAM misconfigurations create real access paths, and how guardrails differ from enforcement. It also explains drift and CSPM concepts as detection systems, then ties everything into secure baseline thinking so you can reason about preventing, detecting, and containing misconfigurations.
22 cards
Incidents and Failure Modes
This deck teaches how common identity and secret failures turn into real incidents: token leakage, secret compromise, certificate misuse, over-permissioned services, and broken trust boundaries. It also explains the mechanics of detection versus prevention, how containment actually limits blast radius, why root cause analysis timing matters, and how to choose between recovery and rebuild based on what the system can still trust.
23 cards
Threat Modeling and Risk Decisions
This deck teaches how to do threat modeling and make risk decisions in a way that holds up in interviews: identifying assets, mapping trust boundaries, using the STRIDE mental model to generate threats, writing abuse cases as concrete attacker flows, and selecting controls that actually block or detect those flows. It also covers risk trade-offs as explicit decisions about what is prevented, what is only detected, and what residual risk remains.
19 cards
Incident Management
This deck teaches incident management as concrete system operations: how detections become triage, how severity and scope are assessed using evidence, which containment changes actually make attacker actions fail, how to collect and preserve evidence, and how to reconstruct a timeline from logs and artifacts. It also covers when to do root cause analysis, how to choose eradication vs recovery vs rebuild, how to rotate credentials safely, how IaC rollback interacts with drift, and what post-incid
25 cards
Vulnerability Management
This deck teaches vulnerability management as an operational system: how findings are discovered, triaged, fixed, and verified; how severity scoring maps to real risk via exploitability and impact; and how different scanners (SCA, SAST, DAST, image scanning) actually produce findings. It also covers SBOM usage, why false positives and false negatives happen, patching and version pinning trade-offs, how to verify remediation, and how exceptions and compensating controls are handled without losing
28 cards
Logging, Monitoring, and Detection
This deck teaches detection as a system: what logs, metrics, and traces capture; how audit logs bind actions to identities; how detection rules make allow/deny-style decisions from fields; and how alert quality fails when signals are missing or noisy. It also covers baseline/anomaly mechanics, detection patterns for token misuse and lateral movement, signals for CI/CD and artifact tampering, log integrity and tamper resistance, retention/access controls for telemetry, and how to triage alerts by
29 cards
Kubernetes Security
This deck teaches Kubernetes security as concrete enforcement mechanics: how the API server authenticates requests and authorizes them via RBAC, how service accounts and tokens are used in-cluster, how admission control and Pod Security block unsafe specs, how NetworkPolicies enforce traffic rules, and how runtime isolation and container permissions limit damage. It also covers trust boundaries and bypass paths around the API server, plus supply-chain trust in manifests and Helm so you can expla
36 cards
Container Security
This deck teaches container security as a chain of trust and enforcement: how image build inputs cross trust boundaries, how digest pinning makes "what runs" stable, how signing/verification gates block tampered artifacts, and how minimal images reduce installed attack surface. It also covers runtime permissions (user and Linux capabilities), syscall filtering with seccomp, policy enforcement with AppArmor/SELinux, host mount risks, container escape boundary failures, registry risks like retaggi
31 cards
Data Security
This deck teaches data security as concrete system controls: how data is identified and classified, how access control decisions are enforced, and how encryption in transit and at rest differ in what they stop. It covers key management patterns including envelope encryption, the mechanical difference between tokenization and encryption, and integrity checks using hashes, Message Authentication Codes (MAC), and digital signatures. It also covers retention and deletion mechanics, backups and resto
30 cards
Secure SDLC and Reviews
This deck teaches Secure SDLC as mechanical controls that shape what can ship: where trust boundaries sit from code to runtime, where threat modeling plugs into planning and change review, and how secure defaults and baselines are enforced. It covers what reviewers actually verify, what CI/CD gates must block, how dependency changes are controlled via lockfiles and update flows, how secrets are prevented and detected in repos and pipelines, how release risk decisions and exceptions are recorded,
32 cards