In the second part of this Kubicast, Alexandre Sieira brings even more important insights for the security of your environment.

mansplainer
João Brito

Have you already fallen into the “invulnerable image” trap?
In the second part of season 7, episode 164 of Kubicast, we continue our conversation with Alexandre Sieira, founder of Tenchi Security, diving deep into the technical challenges of practical security — the day-to-day kind, involving CVEs, compromised GitHub repos, and costly decisions.
With real-world examples and sharp insights, Sieira shows us why security is more than policy: it is architecture, process, and culture in action.
Problems faced
Container images with vulnerable bases being treated as “secure”.
Lack of visibility into what is running in the pipeline.
Risk of excessive dependencies and lack of control in the supply chain.
Real incidents of compromise in CI/CD tools (like GitHub Actions).
Difficulty in reconciling security with operational performance.
Solutions adopted
Continuous vulnerability management focusing on attack surface reduction.
Use of SBOM (Software Bill of Materials) as an ally in traceability.
Environment segregation with secure deployment across accounts and contexts.
Architecture optimizations without giving up secure practices.
Closing the gap between product and security teams right from the start of the journey.
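The "invulnerable image" trap and the SBOM point above are easiest to see with a concrete check. The following is an added example, not code from Kubicast, Getup or Tenchi Security: it reads a constructed CycloneDX-style SBOM, matches each component against a constructed advisory list, and traces every hit back to the layer that introduced it, so that a vulnerability inherited from the base image is reported as such instead of being hidden behind a clean application layer. The `example:layer` property and the `ADV-EXAMPLE-*` identifiers are assumptions made for illustration; real SBOM generators record layer provenance in their own property names.

```python
import json
import re

# Constructed CycloneDX-style SBOM for a hypothetical image. Two components come from
# the base image layer, one from the application layer. The "example:layer" property is
# an assumption for this example, not a standard CycloneDX field.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "openssl", "version": "1.1.1k",
     "properties": [{"name": "example:layer", "value": "base-image"}]},
    {"type": "library", "name": "zlib", "version": "1.2.13",
     "properties": [{"name": "example:layer", "value": "base-image"}]},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "properties": [{"name": "example:layer", "value": "app"}]}
  ]
}
"""

# Constructed advisory feed: package name, first fixed version, placeholder advisory id.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "name": "openssl", "fixed_in": "1.1.1l"},
    {"id": "ADV-EXAMPLE-0002", "name": "zlib", "fixed_in": "1.2.12"},
    {"id": "ADV-EXAMPLE-0003", "name": "requests", "fixed_in": "2.32.0"},
]


def version_key(version):
    """Split a version such as '1.1.1k' into comparable tokens.

    Numeric runs compare numerically, alphabetic runs lexically; the leading tag
    keeps Python from comparing int with str when a version mixes both.
    """
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return [(0, int(t)) if t.isdigit() else (1, t) for t in tokens]


def is_vulnerable(installed, fixed_in):
    """True when the installed version is older than the first fixed version."""
    return version_key(installed) < version_key(fixed_in)


def layer_of(component):
    """Return the layer that introduced the component, or 'unknown' if unrecorded."""
    for prop in component.get("properties", []):
        if prop.get("name") == "example:layer":
            return prop.get("value")
    return "unknown"


def find_affected(sbom_json, advisories):
    """Match every SBOM component against the advisories and keep layer provenance."""
    sbom = json.loads(sbom_json)
    by_name = {}
    for adv in advisories:
        by_name.setdefault(adv["name"], []).append(adv)
    hits = []
    for comp in sbom.get("components", []):
        for adv in by_name.get(comp["name"], []):
            if is_vulnerable(comp["version"], adv["fixed_in"]):
                hits.append({
                    "component": comp["name"],
                    "version": comp["version"],
                    "fixed_in": adv["fixed_in"],
                    "advisory": adv["id"],
                    "layer": layer_of(comp),
                })
    return hits


def summarize_by_layer(hits):
    """Count findings per layer: a non-zero base-image count means the fix is a rebase, not a code change."""
    summary = {}
    for hit in hits:
        summary[hit["layer"]] = summary.get(hit["layer"], 0) + 1
    return summary


if __name__ == "__main__":
    findings = find_affected(SBOM_JSON, ADVISORIES)
    for hit in findings:
        print(f"{hit['component']} {hit['version']} < {hit['fixed_in']} "
              f"({hit['advisory']}) introduced by layer: {hit['layer']}")
    print("findings per layer:", summarize_by_layer(findings))
```

The per-layer summary is the part that matters operationally: a finding attributed to the base image is fixed by rebasing or rebuilding the image, while a finding in the application layer is fixed by the product team, and an SBOM that carries provenance lets the pipeline route each finding to the right owner.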
Throughout the episode, it became clear that effective security does not depend on a perfect stack — but on conscious decisions. Being part of the real world of DevSecOps means understanding that agility and security do not merely coexist: they actually complement each other. Frequent releases, traceability, and a culture of continuous improvement are factors that reduce risk and increase operational confidence.
Among the best practices discussed, we reinforce that less is more: minimizing dependencies, separating environments, applying principles like Least Privilege, and always thinking about blast radius are simple decisions with a huge impact. In addition, bringing teams together from the architecture stage onward helps create a distributed security environment — rather than a centralized roadblock.
🎧 Also listen to Kubicast on Spotify, share it with your team, and comment on the video about the security issues you are currently facing!
Hosted by João Brito, your favorite host (@juniorjbn).
© Getup · 2026
