Talk round-up from 'Securing The Cloud: DevOps Best Practices for Secure Operations'
Lawrence JonesLead Engineer @ incident.io

***

 

Our final talk of the evening came from our hosts very own Lawrence Jones, a product engineer at incident.io who are leading incident response company. Their platform allows tech companies to rapidly fix and learn from incidents in order to build more resilient products. Founded in 2021 with $28 million in Series A funding the team has grown to 55 across London and New York.

Lawrence’s talk focused on Cloud Security from the start up perspective, he was the first hire at Incident back in 2021 which makes him very well placed to talk us through how he started from scratch. He initially focused on how he built out infrastructure which they could grow into as they scaled.

Lawrence talked us through his key principles for building from the ground up in the ‘right way’. Firstly, was keeping things simple and not producing vast quantities of documentation which new hires, would have to trawl through slowing processes down. In a similar vein is consistency by this he explains that processes should be standardised to ensure that core guidelines are adhered to when, e.g., deploying front end applications. Finally, was being secure by default, as a business that deals with external companies’ sensitive data this is a top priority. Utilising simplicity and consistency when outlining core security guidelines, they can ensure any external risks are minimised.

 

Lawrence then moved on to talk about the practicalities behind ensuring a start ups infrastructure is set up correctly from his own experience he referred to these as the ‘Table stakes’. Firstly came finding a model for an ‘application’ and ‘environment’ when a company plans out their infrastructure Lawrence stressed the importance of making sure key stakeholders within the business are onboard with these models especially at an early stage.

He then moved on to outline the importance of using Infrastructure of Code for every production as supposed to hand provisioning the reason being that IAC is a lot more efficient for modifying later down the line. Lastly Lawrence set out that individual developers should have their own environment for local dev this will allow them to become far more familiar with their infrastructure through experimentation and testing. 

To hear Lawrence's full talk head over to our YouTube and watch the recording 📹