OT Security + Platform Engineering
Sven Nellemann

Hi, I'm Sven a

Securing Critical Infrastructure & Industrial Systems

OT-focused DevSecOps Engineer with 3+ years specialising in containerised platform security, operational resilience, and securing industrial workloads. Expert in infrastructure hardening, disaster recovery automation, and translating technical risks into actionable business decisions for senior stakeholders.

Docker + Swarm, Secure CI/CD, Incident Resilience, OT Workload Security

Technical Foundation

Technical Skills

A capability matrix focused on secure software delivery, resilient infrastructure, and practical engineering execution.

Domains: 6

Core Technologies: 30+

Primary Focus: Secure Platform Delivery

OT | Advanced

OT Security & Infrastructure

Critical workload protection and resilient platform operations.

Core Capabilities

  • Security architecture and infrastructure hardening
  • Identity, secrets, and network dependency controls
  • Vulnerability remediation and operational risk reduction

Tooling

Vault, MinIO/S3, Linux, Network Controls

DO | Advanced

DevOps & Containerisation

Reliable release engineering and platform automation.

Core Capabilities

  • Container lifecycle management and orchestration workflows
  • CI/CD pipeline design with traceable release controls
  • Infrastructure automation for repeatable environment delivery

Tooling

Docker, Docker Swarm, CI/CD Pipelines, Git

BE | Advanced

Backend Development

Service-oriented backend engineering for secure integrations.

Core Capabilities

  • Microservice and API design for reliability and maintainability
  • Strong implementation in Go, C#, ASP.NET Core, and Node.js
  • Integration delivery across REST and SOAP/WSDL ecosystems

Tooling

Go, C#, ASP.NET Core, Node.js, TypeScript

DB | Strong

Databases & Data

Transactional reliability and performance-aware data design.

Core Capabilities

  • Relational and document database modeling for production systems
  • Performance tuning and query optimization in SQL environments
  • Data access abstraction and reporting pipeline support

Tooling

PostgreSQL, MS SQL Server, MongoDB, Redis, Entity Framework

UI | Strong

Frontend Development

Clear, responsive interfaces that support operational workflows.

Core Capabilities

  • Responsive interface implementation across modern frameworks
  • Component-driven development with maintainable TypeScript patterns
  • Usability-focused iteration for production-facing experiences

Tooling

React, Angular, Vue.js, TypeScript, HTML/CSS

SP | Advanced

Security Tools & Practices

Shift-left controls and continuous assurance in delivery workflows.

Core Capabilities

  • Secure build pipeline controls with automated quality gates
  • Static analysis and dependency risk visibility in CI
  • Policy-aligned remediation and compliance-minded engineering

Tooling

SonarQube, Checkmarx, Black Duck, Secure Build Pipelines

Leadership Profile

Soft Skills

Professional competencies that drive effective leadership, communication, and problem-solving in complex technical environments

COM

Communication & Leadership

  • Cyber risk summarisation for senior stakeholders
  • Translating technical risks into practical business impact
  • Clear incident communication and status reporting
  • Remote team collaboration and coordination
ANA

Problem Solving & Analysis

  • Incident triage and troubleshooting under pressure
  • Root cause analysis and permanent fix implementation
  • Control gap identification and remediation planning
  • Technical risk assessment and prioritisation
OPS

Operational Excellence

  • Production system reliability and resilience
  • Time-pressure decision making with senior stakeholders
  • Operational runbook creation and documentation
  • Disaster recovery and business continuity planning
SEC

Security & Compliance

  • Security posture benchmarking and reporting
  • Control gap remediation planning
  • Compliance assurance evidence gathering
  • Security architecture guidance for stakeholders
PRJ

Project & Process Management

  • Feature sign-off through regression and functionality checks
  • Version control discipline and change management
  • CI/CD pipeline optimisation and improvement
  • Structured export packaging and environment transfers
MEN

Technical Mentoring

  • Mentoring teams on security best practices
  • Knowledge sharing through comprehensive documentation
  • Cross-functional collaboration with development teams
  • Training on DevSecOps principles and tools

Professional Approach

01

Reliability-Focused

Committed to ensuring continuous availability and resilience of production systems

02

Process-Oriented

Documenting and improving processes through automation and standardization

03

Impact-Driven

Translating technical work into measurable business value and risk mitigation

Security Operating Model

DevSecOps Expertise

2+ years specialising in integrating security into every phase of the software development lifecycle, delivering measurable business impact through secure, automated, and compliant systems.

Secure CI/CD Pipelines

Implemented automated security scanning in build pipelines, reducing vulnerabilities by 80% before production deployment.

Business Impact:

80% reduction in production vulnerabilities

GitHub Actions, Snyk, SonarQube, OWASP

Infrastructure as Code Security

Automated infrastructure provisioning with built-in security controls and compliance checks using Terraform and policy-as-code.

Business Impact:

100% infrastructure audit compliance

Terraform, OPA, Checkov, AWS Config

Container Security

Established container security baseline with image scanning, runtime protection, and security policy enforcement.

Business Impact:

Zero critical container vulnerabilities

Trivy, Falco, Docker Bench, K8s PSP

Secrets Management

Implemented centralised secrets management and rotation, eliminating hardcoded credentials across all environments.

Business Impact:

100% secrets rotation automation

HashiCorp Vault, AWS Secrets Manager, SOPS

Security Monitoring

Built comprehensive security monitoring and incident response pipeline with real-time threat detection.

Business Impact:

<5 minute threat detection time

Prometheus, Grafana, ELK, Falco

Compliance Automation

Automated compliance reporting and remediation for SOC2, ISO 27001, and industry standards.

Business Impact:

90% reduction in audit preparation time

AWS Config, Cloud Custodian, Compliance as Code

Security-First Approach

Shifted security left in the development process, integrating automated security checks from code commit to production deployment. This proactive approach has prevented countless security incidents and saved significant remediation costs.

Selected Work

Featured Projects

Key projects demonstrating DevSecOps expertise and business impact

Secure CI/CD Platform

Challenge

Release speed was constrained by manual security checks and inconsistent deployment controls across teams.

Approach

Designed a zero-trust CI/CD platform with automated policy gates, integrated scanning, and auditable deployment workflows.

Outcome

Deployed 500+ applications securely while reducing deployment lead time by 70%.

Kubernetes, GitLab CI, Vault, ArgoCD, Terraform

Cloud Security Automation

Challenge

Cloud misconfigurations were recurring and difficult to triage quickly at scale.

Approach

Built event-driven remediation workflows that detect, classify, and auto-fix high-confidence issues in near real time.

Outcome

Prevented 1,000+ security incidents with a 95% auto-remediation rate.

Python, AWS, Lambda, CloudWatch, Terraform

Container Security Scanner

Challenge

Vulnerable images were reaching deployment stages without clear policy visibility.

Approach

Implemented a CI-native scanner with policy enforcement, image intelligence storage, and actionable developer feedback.

Outcome

Scanned 10,000+ images and blocked 200+ vulnerable deployments pre-production.

Go, Docker, Trivy, PostgreSQL, REST API

Infrastructure Monitoring Dashboard

Challenge

Teams lacked unified visibility into reliability and security posture across distributed services.

Approach

Created a central observability layer with service health, security telemetry, and compliance indicators in one dashboard.

Outcome

Enabled real-time visibility for 100+ services and reduced incident response time to under 5 minutes.

Prometheus, Grafana, ELK, Python, K8s

Secret Rotation Service

Challenge

Manual secret rotation introduced risk and operational overhead across environments.

Approach

Delivered scheduled and event-triggered rotation with secure distribution and validation checks.

Outcome

Automated rotation for 500+ secrets with zero credential leakage incidents.

Python, Vault, AWS, Kubernetes, Terraform

Compliance Automation Framework

Challenge

Audit readiness required heavy manual evidence collection and inconsistent control validation.

Approach

Implemented policy-as-code controls with automated reporting and remediation guidance across cloud estates.

Outcome

Supported SOC2 readiness and reduced audit preparation time by 90%.

OPA, Python, Terraform, AWS Config, Azure Policy

Career Timeline

Professional Experience

Multi-year journey from software development to specialised DevSecOps expertise

DevSecOps Engineer (OT Cybersecurity)

Deltaflare
August 2022 - January 2026 | London / Hybrid

Progressed from microservices development to production operations and security. Initially developed Go-based microservices for PKI-based device enrollment and provisioning, then transitioned to operating and securing a containerised OT cyber platform protecting industrial workloads.

Key Achievements:

  • Architected and developed Go microservices for time-critical secure device enrollment and provisioning leveraging PKI and HTTPS-auth mechanisms
  • Built resilient microservices handling high-throughput provisioning workflows with robust error handling and recovery patterns
  • Documented all services with design docs, system requirements, API definitions, and test coverage documentation
  • Operated production Docker Swarm infrastructure (multi-node orchestration) with secure configuration and controlled upgrades
  • Improved system resilience by automating disaster recovery processes with consistent backups and point-in-time recovery
  • Built automation tooling for backups/restores including timestamp-based recovery, snapshot handling, and integrity verification
  • Engineered centralised authentication mechanisms supporting MFA workflows and fine-grained access controls across OT environments
  • Provided incident troubleshooting across container runtime, networking, and resource constraints with permanent fixes and runbooks
  • Onboarded sales executives on product offerings, business value, and client impact across OT cyber solutions
  • Delivered comprehensive reliability reporting to senior stakeholders on service disruptions and maintenance events

Go, Docker Swarm, Linux, PostgreSQL, Redis, MongoDB, Vault, MinIO/S3, PKI, HTTPS, Git, CI/CD, Microservices

Senior Applications Developer

TransUnion
April 2020 - August 2022 | Johannesburg, South Africa

Designed and implemented critical business solutions including document management services, billing execution, and third-party integrations.

Key Achievements:

  • Designed document upload and management service for dispute workflows, reducing client tickets by ~90%
  • Owned monthly billing execution for major clients via SQL Server stored procedures and scheduled automation
  • Integrated third-party verification services (biometrics, document fraud detection, phone verification) using API and SOAP/WSDL
  • Implemented CI/CD improvements using Azure DevOps and security tools (Checkmarx, Black Duck, SonarQube)
  • Delivered custom role-based authentication solution using Angular 8, ASP.NET Core Identity, JWT and Node.js

C#, ASP.NET Core, Angular, SQL Server, Azure DevOps, Entity Framework, Node.js

Junior Developer

Singular Systems
December 2018 - May 2020 | Johannesburg, South Africa

Full-stack development building document management systems and automated reporting solutions for enterprise clients.

Key Achievements:

  • Built document upload and file management system for insurance client using C# and Vue.js, reducing document handling time by ~80%
  • Transformed manual customer statement processes via automated SSRS reporting solutions
  • Supported Salary Finance solution by debugging React issues and investigating SQL data warehouse problems
  • Developed automated test coverage using TestCafe, xUnit and Moq to reduce regression risk

C#, Vue.js, React, SQL Server, SSRS, Entity Framework, HTML/CSS

IT Consultant (Part-time)

IT Solutions
January 2015 - November 2018 | Grahamstown, South Africa

Provided IT support and managed infrastructure for small-to-medium businesses.

Key Achievements:

  • Provided IT support to ~27 small-to-medium businesses including workstation troubleshooting and server management
  • Managed server backups and scheduled maintenance visits to ensure business continuity

Windows Server, Linux, Active Directory, Networking

Professional Profile

About Me

Passionate about building secure, scalable systems that drive business value

My Journey

My career started with software development and evolved into specialising in secure, resilient infrastructure. I began as a Junior Developer, building full-stack web applications, then progressed through software engineering roles at TransUnion before transitioning into DevSecOps engineering.

At Deltaflare, I've spent the last 3+ years operating and securing containerised OT cyber platforms protecting industrial workloads. This role deeply shaped my understanding of operational resilience, incident troubleshooting, and translating technical risks into actionable business decisions for senior stakeholders.

My expertise spans secure CI/CD pipelines, disaster recovery automation, containerisation technologies, and secure application development across .NET and modern web frameworks. I'm passionate about designing systems that balance security with operational efficiency.

I focus on bridging the gap between development and operations, ensuring production systems remain reliable, secure, and resilient under pressure. Outside of work, I'm continuously exploring emerging technologies and security methodologies.

OT

OT Security

Designing and implementing security solutions for industrial control systems and critical infrastructure

AT

Automation

Building disaster recovery and infrastructure automation tools for operational resilience

LN

Continuous Learning

Staying current with DevSecOps practices, containerisation technologies, and security frameworks

IR

Incident Resilience

Developing incident response procedures and operational runbooks for production systems

Certifications

AWS Solutions Architect Practitioner

Amazon Web Services, 2020

Hyperion Software Engineer Bootcamp

Oracle, 2019

Core Values

  • Security First: Security should be built in, not bolted on
  • Automation: If you do it twice, automate it
  • Collaboration: DevSecOps is a team sport
  • Continuous Improvement: Always learning, always evolving
💡Open to freelance projects, consulting opportunities, and full-time roles

Built with Next.js, TypeScript, and Tailwind CSS • Deployed with Docker

© 2026 Sven Nellemann. All rights reserved.