Getting started with GitHub and DevSecOps
A lot of the intern candidates I speak with are not familiar with many modern tools because most university IT and CS courses don’t use them, or don’t use them to their full potential. In a similar boat are senior systems engineers who have worked, often for 10, 15 or even 20+ years, in Windows, UNIX/Linux or a hardware field like storage or networking and have never come across these developer-centric paradigms for operations.
This post is for you. It assumes you are comfortable with your computer whatever operating system you run, and you want to learn what the fuss is about Git, GitHub, CI/CD and Dev(Sec)Ops.
If you’re a student you might also find my general advice for students blog post helpful, and if you’re an IT professional or aspiring to be one I also have a post on IT Certifications. There are many tools available to achieve this. At my current workplace, UTS, we use GitHub Enterprise, so this post is mostly predicated on that, but you should be able to easily adapt these skills and capabilities to other tools such as GitLab, Jenkins or any of the many other popular tools.
GitHub Enterprise is both a version control platform and an automation platform used for DevSecOps, Continuous Integration & Continuous Delivery.
If you aren’t familiar with Git, a good place to start is with the courses freely available on GitHub Training or GitLab Learn. The basic training should take half a day to 2 days to complete depending on your experience so far.
Once you’ve covered these off and done a few sample pipelines for deploying your project of choice, be that a WordPress website, a React app or even a Windows desktop app, you’ll be hungry for more. I strongly recommend reviewing the links above; the references for Minimum CD in particular have some fantastic books, videos and websites for you to dig deeper into automation and CI/CD.
Software
There is no shortage of cool tools in DevSecOps or Cloud. Personally I like Linux and CLI-based tools, but you might prefer Windows and VS Code. No judgement here, whatever works best for you. I do strongly recommend that you get some exposure to Linux, as I find the best DevOps/DevSecOps/Developers are the ones who understand the paradigm of UNIX, because it’s the same paradigm for cloud services (almost). If you run Windows 10 or 11, play with WSL2. If you have enough RAM, run a Linux VM on your Windows or Mac computer.
If you’re really keen, dive off the deep end and install Linux directly on your laptop. You’ll be amazed at the skills you learn as you dig into Linux on a daily basis, solving problems you never knew existed before… Though if you can afford it, just get a Raspberry Pi, or better yet a second-hand Lenovo ThinkPad, and use it with Linux.
If you must use a virtual server for your Linux playing I recommend BinaryLane: for as little as $3.75AUD per month you can have a VPS to test out ideas. The reason I recommend a ThinkPad, though, is that you can then run KVM and play with virtualisation, which opens up more doorways.
Home Lab / Hardware
At some point you realise you need to build - or have built - a home lab: a playground for you to learn and host projects on. It might be an old computer repurposed as a Linux or Windows server, a Raspberry Pi, a rack-mount server you bought cheap on eBay before you found out what 90 decibels really sounds like, or it might be an old gaming laptop that happens to have 32GB of RAM. (I have done all of these.) It doesn’t matter really.
I recommend having a base OS of Linux and specifically an LTS release like Ubuntu 20.04. Minimal customisation is to be done on this install: just set up KVM/libvirt and then do all your work in VMs. That way any mistakes are just a snapshot rollback and/or a fresh boot to solve. Proxmox or similar options are easier, but will abstract a lot of concepts away from you.
You can also leverage the free tiers of AWS, Azure & Google to learn and play in their clouds, but be careful: one wrong deployment can be expensive. If you can afford it, a subscription to A Cloud Guru not only provides a wealth of training but also a cloud sandpit where you can play with hyper-scale clouds without worrying about getting a massive bill at the end of the month.
Other Resources
Of course I’m not the only person with strong opinions (weakly held) on how to get started in DevSecOps and Cloud. The following are blogs and sites that are honestly more likely to be updated than mine :)