Merge branch 'MichaelCade:main' into main

2023/day01.md

@@ -1 +1,65 @@
-This is a test
+## 2022 Reflection & Welcome 2023
+
+Hey everyone and welcome to the 2023 edition of #90DaysOfDevOps in this Day 1 post the plan is to reflect on the 2022 edition and some statistics, feedback, and ideas that we have had during the year. 
+
+### 2022 Recap 
+
+First, WOW! To think that the mission I thought up on New Year’s Eve 2021 was to spend the first 90 days of 2022 learning and documenting that learning, basically writing some notes after watching some much smarter people than me on YouTube. 
+
+Fast forward a year, and we have some amazing numbers on the repository, I think I mentioned at least somewhere in the repository, but I know I have mentioned elsewhere many times any content is worth doing if it helps even just one person, to have the numbers that we have here from stars to forks is incredible. 
+
+![](images/day01-1.jpg)
+
+Also, nearly **500** watchers of the repository! 
+
+First, I want to thank everyone for sharing the repository with the community. Hearing that Microsoft and other massive tech vendors have shared this with their teams is humbling. 
+
+Secondly, I would like to thank the contributors. This started out as a place to take notes and learn in public, and it wasn't until a few days in that saw people correcting my poor spelling and grammar. (I am sure the same will happen this year) But the biggest and most amazing thing was the community that started to translate the repository into their native language! How amazing to think this was happening and helping non-native English speakers learn more about the powers of DevOps. 
+
+![](images/day01-2.png)
+
+If you would like to find the amazing contributors on the repository, then you can head to the [Contributors](https://github.com/MichaelCade/90DaysOfDevOps/blob/main/Contributors.md)
+
+### Continuous Learning 
+
+I mentioned and mentioned a lot that we are never done learning, if you think you are then you picked the wrong industry as things are changing all the time and at a rapid pace. 
+
+It is for that reason we must keep learning, learning for some is a challenge and for those people, I urge you to find a medium that you enjoy. I have always enjoyed documenting something I learn to like this and then getting hands-on. The premise of this project is exactly that, it is about a foundational knowledge of some of the key areas of DevOps and the tooling that achieves this, you are not going to be a graduated DevOps engineer by following along but you are going to have a better understanding of terminology and getting hands-on with some technologies that maybe you do not see on a day-to-day basis. 
+
+I also want to add that everyone is constantly evolving and learning, it doesn't matter if you are the CTO of a software company or a Systems Administrator wanting to learn more about automation, everyone is learning, and that little imposter syndrome feeling is normal. My advice is to run towards it vs running away from it and you will absolutely reap the rewards, also learn what you enjoy this makes learning more enjoyable. 
+
+### Security focused 
+
+For those that have been following along, you will have known that the biggest area we missed out on in the 2022 edition was security aptly named DevSecOps and how we integrate security into that infinite DevOps cycle to ensure we are always thinking about security. 
+
+In this edition, we will be diving headfirst into the security processes and principles as it obtains to DevSecOps heavily in this version and getting to some more topics that we missed in the first round. 
+
+### A little help from my friends 
+
+The 2022 edition was the equivalent of writing a blog post each day. We were well over 100k words and if we were to spin this into an eBook which was an option and instructions can be found in the repository if you so wish but you would find over 700 pages of A4 paper in total. The book idea is not dead and buried and I am working on a smaller version behind the scenes that might be a nice giveaway at a conference near you along with our amazing stickers. 
+
+Another gap for me and maybe this was the authenticity of the project as I was just starting to learn and documenting that learning journey in some of these areas. This time around I have asked some friends in the community to help. 
+
+There are two reasons for this: 
+
+1. I think it is important to get different perspectives across topics and also, we are all going to learn best if we hear from subject matter experts in those specific topic areas. 
+
+2. Some of the friends that will be helping here will have the opportunity to grow their brand and potentially even speak at events about their topics and the over the project. 
+
+You can find the 2023 authors on the opening 2023.md page with links to their bios and contact details. 
+
+I think it is also time to be very clear about the project. Nobody is being paid to write, nobody is being paid to talk about the project. I was approached about sponsorship several times, but the premise of this project is for it to remain impartial, free and for the community. Yes, we have used some projects and products throughout but none of the companies have sponsored or had a say in what has been written. 
+
+Finally, my employer Veeam Software, I am extremely lucky to have a company that enables me to be part of the community and document my learnings without interference. I don't work a traditional 9-5 and I am sure many people reading this do not either, but I am free to create content like this project. 
+
+### Resources 
+
+Throughout the project and the previous 2022 edition you will find the resources section, this is a list of content that I or my fellow authors have been through and if you want to learn more than you are reading here go and grab this content. 
+
+You can find the 2022 edition [here](https://github.com/MichaelCade/90DaysOfDevOps/blob/main/2022.md)
+
+But also some community members have been busy at work transforming and creating a new look and feel through [GitHub Pages](https://www.90daysofdevops.com/#/)
+
+On the [2023 page](https://www.90daysofdevops.com/#/2023) you will also find ways to interact and join the community. 
+
+With that said let's get into things with [Day 2](day02.md).

2023/day02.md

@@ -0,0 +1,85 @@
+## The Big Picture: DevSecOps
+
+Welcome to Day 2 of the 2023 edition here in this first module of the next 6 days we are going look at the foundational overview around DevSecOps. 
+
+### What is DevSecOps? 
+
+DevSecOps is a software development approach that aims to bring together development, security, and operations teams to build and maintain secure software applications. It is based on the principles of continuous integration, continuous delivery, and continuous deployment, which aim to deliver software updates and features more quickly and frequently. In DevSecOps, security is an integral part of the software development process, rather than an afterthought. This means that security testing, monitoring, and other security measures are built into the software development life cycle (SDLC) from the beginning, rather than being added later. DevSecOps aims to improve collaboration and communication between development, security, and operations teams, to create a more efficient and effective software development process.
+
+### DevSecOps vs DevOps 
+
+I use the "vs" lightly here again but if we think back to the 2022 edition and the goal of DevOps is to improve the speed, reliability, and quality of software releases.
+
+DevSecOps is an extension of the DevOps philosophy that emphasizes the integration of security practices into the software development process. The goal of DevSecOps is to build security measures into the software development process so that security is an integral part of the software from the start, rather than an afterthought. This helps to reduce the risk of security vulnerabilities being introduced into the software and makes it easier to identify and fix any issues that do arise.
+
+DevOps focuses on improving collaboration and communication between developers and operations staff to improve the speed, reliability, and quality of software releases, while DevSecOps focuses on integrating security practices into the software development process to reduce the risk of security vulnerabilities and improve the overall security of the software.
+
+### Automated Security 
+
+Automated security refers to the use of technology to perform security tasks without the need for human intervention. This can include things like security software that monitors a network for threats and takes action to block them, or systems that use artificial intelligence to analyse security footage and identify unusual activity. Automated security systems are designed to make security processes more efficient and effective, and to help reduce the workload on security personnel.
+
+A key component of all things DevSecOps is the ability to automate a lot of the tasks at hand when creating and delivering software, when we add security from the start it means we also need to consider the automation aspect of security. 
+
+### Security at Scale (Containers and Microservices)
+
+We know that the scale and dynamic infrastructure that has been enabled by containerisation and microservices have changed the way that most organisations do business. 
+
+This is also why we must bring that automated security into our DevOps principles to ensure that specific container security guidelines are met. 
+
+What I mean by this is with cloud-native technologies we cannot only have static security policies and posture; our security model also must be dynamic with the workload in hand and how that is running. 
+
+DevOps teams will need to include automated security to protect the overall environment and data, as well as continuous integration and continuous delivery processes. 
+
+The below list is taken from a [RedHat blog post](https://www.redhat.com/en/topics/devops/what-is-devsecops)
+
+- Standardise and automate the environment: Each service should have the least privilege possible to minimize unauthorized connections and access.
+
+- Centralise user identity and access control capabilities: Tight access control and centralised authentication mechanisms are essential for securing microservices since authentication is initiated at multiple points.
+
+- Isolate containers running microservices from each other and the network: This includes both in-transit and at-rest data since both can represent high-value targets for attackers.
+
+- Encrypt data between apps and services: A container orchestration platform with integrated security features helps minimize the chance of unauthorized access.
+
+- Introduce secure API gateways: Secure APIs increase authorization and routing visibility. By reducing exposed APIs, organizations can reduce surfaces of attacks.
+
+### Security is HOT right now
+
+One thing you will have seen regardless of your background is that security is hot all over the industry, this is partly to do with security breaches appearing in global news and big brands being affected by security vulnerabilities or following potential bad practices allowing bad actors into the networks of these companies. It is fair to say or at least from my perspective the creation of software is much more achievable and obtainable now than it ever has. But in creating software it is increasingly exposed with vulnerabilities and the like which allows the bad actors to cause havoc and sometimes hold data to ransom or shut down businesses causing mayhem. We have discussed so far what is DevSecOps but I think it is also worthwhile exploring the cybersecurity side of the attack vector and why we protect our software supply chain to help avoid these cyber-attacks. 
+
+### Cybersecurity vs DevSecOps
+
+As the heading goes it is not really a vs but more of a difference between the two topics. But I think it is important to raise this as really this will explain why Security must be part of that DevOps process, principles, and methodology. 
+
+Cybersecurity is the practice of protecting computer systems and networks from digital attacks, theft, and damage. It involves identifying and addressing vulnerabilities, implementing security measures, and monitoring systems for threats.
+
+DevSecOps, on the other hand, is a combination of development, security, and operations practices. It is a philosophy that aims to integrate security into the development process, rather than treating it as a separate step. This involves collaboration between development, security, and operations teams throughout the entire software development lifecycle (SDLC).
+
+Some key differences between cybersecurity and DevSecOps include:
+
+**Focus**: Cybersecurity is primarily focused on protecting systems from external threats, while DevSecOps focuses on integrating security into the development process.
+
+**Scope**: Cybersecurity covers a wider range of topics, including network security, data security, application security, and more. DevSecOps, on the other hand, is specifically focused on improving the security of software development and deployment.
+
+**Approach**: Cybersecurity typically involves implementing security measures after the development process is complete, while DevSecOps involves integrating security into the development process from the start.
+
+**Collaboration**: Cybersecurity often involves collaboration between IT and security teams, while DevSecOps involves collaboration between development, security, and operations teams.
+
+## Resources 
+
+Over the course of the 90 Days, we will have a daily resources list that will bring relevant content that will help continue the topics and where you can go to find out more. 
+
+- [TechWorld with Nana - What is DevSecOps? DevSecOps explained in 8 Mins](https://www.youtube.com/watch?v=nrhxNNH5lt0&list=PLsKoqAvws1pvg7qL7u28_OWfXwqkI3dQ1&index=1&t=19s)
+
+- [What is DevSecOps?](https://www.youtube.com/watch?v=J73MELGF6u0&list=PLsKoqAvws1pvg7qL7u28_OWfXwqkI3dQ1&index=2&t=1s)
+
+- [freeCodeCamp.org - Web App Vulnerabilities - DevSecOps Course for Beginners](https://www.youtube.com/watch?v=F5KJVuii0Yw&list=PLsKoqAvws1pvg7qL7u28_OWfXwqkI3dQ1&index=3&t=67s)
+
+- [The Importance of DevSecOps and 5 Steps to Doing it Properly (DevSecOps EXPLAINED)](https://www.youtube.com/watch?v=KaoPQLyWq_g&list=PLsKoqAvws1pvg7qL7u28_OWfXwqkI3dQ1&index=4&t=13s)
+
+- [Continuous Delivery - What is DevSecOps?](https://www.youtube.com/watch?v=NdvMUcWNlFw&list=PLsKoqAvws1pvg7qL7u28_OWfXwqkI3dQ1&index=5&t=6s)
+
+- [Cloud Advocate - What is DevSecOps?](https://www.youtube.com/watch?v=a2y4Oj5wrZg&list=PLsKoqAvws1pvg7qL7u28_OWfXwqkI3dQ1&index=6)
+
+- [Cloud Advocate - DevSecOps Pipeline CI Process - Real world example!](https://www.youtube.com/watch?v=ipe08lFQZU8&list=PLsKoqAvws1pvg7qL7u28_OWfXwqkI3dQ1&index=7&t=204s)
+
+Hopefully this gave you a taster for what you can expect for this module and some of the resources above will help provide more depth on the topic, In the post on [Day 3](day03.md) we will be taking a look at what an attacker thinks like which is why we have to protect from the start.

Contributors.md

@@ -92,6 +92,13 @@ Contributors
     </td>
 </tr>
 <tr>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/rishabkumar7>
+            <img src=https://avatars.githubusercontent.com/u/45825464?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Rishab Kumar/>
+            <br />
+            <sub style="font-size:14px"><b>Rishab Kumar</b></sub>
+        </a>
+    </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/LeslieLeung>
             <img src=https://avatars.githubusercontent.com/u/22127499?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Leslie Leung/>
@@ -113,13 +120,6 @@ Contributors
             <sub style="font-size:14px"><b>Murali-Puvvada</b></sub>
         </a>
     </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/rishabkumar7>
-            <img src=https://avatars.githubusercontent.com/u/45825464?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Rishab Kumar/>
-            <br />
-            <sub style="font-size:14px"><b>Rishab Kumar</b></sub>
-        </a>
-    </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/alexinslc>
             <img src=https://avatars.githubusercontent.com/u/127081?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Alex Lutz/>

README.md

@@ -4,7 +4,7 @@
  <img src="logo.png?raw=true" alt="90DaysOfDevOps Logo" width="50%" height="50%" />
 </p>
 
-![Website](https://img.shields.io/website?url=https%3A%2F%2Fwww.90daysofdevops.com) ![GitHub Repo stars](https://img.shields.io/github/stars/MichaelCade/90DaysOfDevOps)
+[![Website](https://img.shields.io/website?url=https%3A%2F%2Fwww.90daysofdevops.com)](https://www.90daysofdevops.com) [![GitHub Repo stars](https://img.shields.io/github/stars/MichaelCade/90DaysOfDevOps)](https://github.com/MichaelCade/90DaysOfDevOps)
 
 This repository is used to document my journey on getting a better foundational knowledge of "DevOps". I will be starting this journey on the 1st January 2022 but the idea is that we take 90 days which just so happens to be January 1st to March 31st.
 
@@ -20,13 +20,13 @@ The two images below will take you to the 2022 and 2023 edition of the learning
 
 <p align="center">
  <a href="2022.md">
- <img src="2022.jpg?raw=true" alt="2022" width="50%" height="50%" />
+ <img src="2022.png?raw=true" alt="2022" width="70%" height="70%" />
 </p>
-</a>
 
+</a>
 <p align="center">
  <a href="2023.md">
- <img src="2023.jpg?raw=true" alt="2022" width="50%" height="50%" />
+ <img src="2023.png?raw=true" alt="2023" width="70%" height="70%" />
 </p>
 </a>