DevOps to Defence: My Leap into Cloud Security
If my career were a movie, I’d call it: “From Pipelines to Policies: The Accidental Cloud Security Engineer.”
I didn’t plan on becoming a cloud security engineer. Honestly, I just followed my curiosity until suddenly… here I was.
How It All Began (DevOps Days)
I never really knew what corner of computing I wanted to land in — I just knew I wanted to be in.
At university, I built an interactive learning platform for my bachelor’s project. It was containerised, hosted on DigitalOcean, and to me it felt like magic that it even ran. Later, when I started looking for jobs, a DevOps role came up and I thought: “Hang on, this is literally what I just did for my project. Why not?”
That’s how DevOps became my first stop.
Of course, with DevOps comes DevOops. My classic? Missing an indent in YAML during a merge request. One space. That’s all it took to bring things tumbling down or somewhat worst nothing changing in the kubernetes cluster. That was when I coined my favourite phrase: DevOopises.
From there, I learned some lessons that still stick with me today:
Automate where you can (and sometimes where you probably shouldn’t).
Debugging isn’t about knowing all the answers — it’s about knowing how to find them.
And no matter what, YAML has zero chill.
The Plot Twist – Enter Cloud Security
I’d always been curious about cybersecurity, even while buried in pipelines and deployments. Working in DevOps, we didn’t have any dedicated cloud security engineers, so we often had to try to “secure things ourselves.” But the truth was uptime and features always came first. Security was a “best effort.”
When my team shifted focus and responsibilities, I saw an opportunity. I realised:
I already knew the platform inside and out.
I knew why DevOps teams cut corners under pressure.
And I knew exactly where the loopholes were.
So, I jumped. Instead of just building, I wanted to be the one protecting.
The Transformation – From Pipelines to Policies
The switch wasn’t instant it was more like layering security onto everything I was already doing. I started picking up the security-related tickets. Asking the “but what if…” questions. Slowly nudging myself deeper into the security space.
At the same time, I dove into online courses, trainings, and hands-on tinkering. Anything that could expand my knowledge of cloud security, I grabbed with both hands.
The hardest part?
Letting go. I still found myself being the “subject matter expert” in my old DevOps areas. When something broke, my instinct was to fix it. It took time for people to see me less as “the pipeline person” and more as “the security one.”
The most fun part?
The freedom to own ideas and run with them. In my old team, surrounded by senior engineers, there was always someone to say, “That won’t work.” In security, it was just me if I had a gut feeling, I followed it. Sometimes I was right. Sometimes I learned. But it was mine. And yes, I’ve had my share of quirky struggles.
Lessons Learned (And Still Learning!)
Some things I’ve picked up along the way:
Security isn’t about saying no — it’s about finding a safe way to say yes.
DevOps skills are a superpower in security — knowing how things are built makes you much better at protecting them.
You don’t need to be an expert to have an opinion. But also? You don’t need an opinion on everything.
If I could tell my younger self one thing starting out in DevOps, it would be this: Being in an all-male team, there will be times you feel “one of the guys,” and times you know you’re not. Both are okay. What matters is your voice — don’t be afraid to use it.
And if I had to sum up the difference between DevOps and Security? Easy:
DevOps = speed, scale, delivery.
Security = priorities, patience, and paranoia (the good kind).
The Road Ahead
Cloud security is a space that never stops evolving and that’s exactly what excites me. My next step is diving deeper into cloud security architecture, building security into platforms from day one instead of trying to glue it on after.
How do I want you to feel after reading this? Motivated. Curious. Maybe even laughing at your own DevOopises. Because if there’s one thing I’ve learned, it’s that this path isn’t linear and that’s the fun of it.
If you’ve got your own story, questions, or YAML disasters to share, I’d love to hear them. You can find me on LinkedIn, drop me a message, or just say hi.
After all whether you’re building, securing, or fixing indent errors at 2 AM — we’re all in this wonderfully messy cloud together.