
DevSecOps

GitLab DevSecOps Modernization

Confidential Client Builds

Security-first modernization of CI/CD, infrastructure, and service delivery practices.

GitLab, DevSecOps, Google Secret Manager, Workload Identity, ISO 27001, NIST

Architecture Responsibility

Responsible for technology architecture and hands-on delivery direction across system design, deployment, DevOps, cost, scale, reliability, and production readiness.

Outcome

Moved the organization toward a security-first CI/CD model, reducing manual overhead and strengthening alignment with ISO 27001 and NIST-oriented controls.

Scale

Designed as a foundational delivery platform for multiple application and infrastructure workflows.

Architecture

  • Centralized source control and CI/CD on GitLab.
  • Enforced signed commits, stronger secret handling, and secure pipeline controls.
  • Used Google Secret Manager for secret management.
  • Enforced TLS 1.2+ across service endpoints.
  • Embedded static and dynamic security checks inside the deployment pipeline.

Lessons Learned

  • Security becomes sustainable when it is built into CI/CD pipelines, identity, secrets, and infrastructure automation instead of reviewed after deployment.
  • Workload identity and short-lived access patterns reduce operational risk more effectively than static keys.
  • DevSecOps architecture should make secure delivery the default path for engineering teams, not a separate approval burden.
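The Architecture and Lessons Learned sections above pair GitLab CI/CD with Google Secret Manager and workload identity in place of static keys. The following GitLab CI job is an added illustration of that pattern, not the project's own pipeline configuration: the job exchanges its short-lived OIDC ID token for a Google access token through Workload Identity Federation and reads a secret from Secret Manager, so no service-account key is stored as a CI variable. The project number, pool, provider, service account, secret name and `deploy.sh` step are placeholders.

```yaml
# Added example (not the page's own config): GitLab CI job reading a secret from
# Google Secret Manager via Workload Identity Federation. Every project, pool,
# provider, service-account and secret name below is a placeholder.
variables:
  GCP_PROJECT_NUMBER: "123456789012"                                           # placeholder
  GCP_WIF_POOL: "gitlab-pool"                                                  # placeholder
  GCP_WIF_PROVIDER: "gitlab-provider"                                          # placeholder
  GCP_SERVICE_ACCOUNT: "ci-deployer@example-project.iam.gserviceaccount.com"   # placeholder
  GCP_SECRET_NAME: "app-db-password"                                           # placeholder

deploy:
  stage: deploy
  image: google/cloud-sdk:slim
  # GitLab mints a short-lived OIDC token for this job only. Its audience must
  # match the Workload Identity Pool provider configured on the Google side,
  # which is what lets Google reject tokens from any other project or pipeline.
  id_tokens:
    GCP_ID_TOKEN:
      aud: https://iam.googleapis.com/projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GCP_WIF_POOL}/providers/${GCP_WIF_PROVIDER}
  script:
    # The credential config below reads the job token from a file.
    - echo "$GCP_ID_TOKEN" > .ci_job_jwt_file
    # Build an external-account credential config that exchanges the GitLab
    # token for a short-lived Google access token impersonating the service account.
    - >
      gcloud iam workload-identity-pools create-cred-config
      projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GCP_WIF_POOL}/providers/${GCP_WIF_PROVIDER}
      --service-account="${GCP_SERVICE_ACCOUNT}"
      --output-file=.gcp_temp_cred.json
      --credential-source-file=.ci_job_jwt_file
    - gcloud auth login --cred-file=.gcp_temp_cred.json
    # Read the secret into a shell variable for this job only; it is never
    # echoed, written to an artifact, or stored as a CI/CD variable.
    - DB_PASSWORD="$(gcloud secrets versions access latest --secret="${GCP_SECRET_NAME}")"
    - ./deploy.sh   # placeholder deployment step that consumes $DB_PASSWORD
  after_script:
    # Remove the token and credential files so nothing survives in the workspace.
    - rm -f .ci_job_jwt_file .gcp_temp_cred.json
```

The service account should carry only `roles/secretmanager.secretAccessor` on the specific secret, and the pool provider's attribute condition should restrict which GitLab project and protected branch may assume it.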