In 2025, many organizations still manage critical compliance controls through manual checks, spreadsheets, Word documents, and Confluence pages—approaches that are error-prone, inefficient, and increasingly outdated. In 2023, frustrated by these challenges, a group of Cloud Native engineers decided to address this gap head-on by creating an open-source solution designed from the ground up to automate Governance, Risk, and Compliance (GRC).
This initiative aligned with broader movements across the industry, including NIST's Open Security Controls Assessment Language (OSCAL) and the European Union's Digital Operational Resilience Act (DORA), underscoring a global shift toward standardized, automated compliance frameworks.
This session shares our journey into Continuous Compliance: the motivations behind the project, key lessons learned from our mistakes, and insights from ongoing development and community advocacy. Attendees will gain practical guidance on leveraging Continuous Compliance principles to reduce risk, streamline governance processes, and move their organizations beyond manual compliance into automated, real-time assurance.
Speaker

Ian Miell
Author of "Docker in Practice" & "Learn Git/Bash the Hard Way", Consultant Partner @Container Solutions
Ian Miell has over twenty-five years' experience consulting on, writing, running, architecting, and maintaining software and infrastructure for dozens of businesses from large to small. He now focusses on unblocking organisations from making technical changes from the top to the bottom of the tech and management stacks.
He has written the books 'Docker in Practice' (published by Manning), 'Learn Bash the Hard Way', 'Learn Git the Hard Way', and 'Learn Terraform the Hard Way' (published on Leanpub), as well as various training courses for O'Reilly Media and others.
He blogs about his experiences at https://zwischenzugs.com, and is a Consulting Partner at https://www.container-solutions.com/.