Jeff Weber · Security Engineering Leader
secure-devops

Zero-Downtime Delivery for Regulated Deployments

Redesigned a financial compliance platform to ship daily while satisfying strict change-management policy.

secure-devops · cicd · compliance

Results

  • Audit Findings: 0 repeat findings across 3 audits
  • Mean Time Recovery: <7 minutes
  • Deployments Per Week: 28 automated releases

Modernizing the delivery pipeline meant codifying every compliance requirement alongside progressive delivery guardrails.

Approach

  1. Built a GitOps workflow with signed container promotion.
  2. Enforced policy-as-code for segregation of duties and CAB approvals.
  3. Added automated fallbacks leveraging blue/green environments with database shadow traffic.
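
A sketch of the promotion gate that steps 1 and 2 describe, written as an added example and not taken from the platform's own policy code. The record fields, the CAB roster, the rule set and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed roster; a real gate would load this from the identity provider.
CAB_MEMBERS = frozenset({"cab-alice", "cab-bob"})

@dataclass(frozen=True)
class ChangeRecord:
    """Hypothetical shape of a promotion request evaluated before deploy."""
    image_ref: str              # image reference proposed for promotion
    signature_verified: bool    # result of an upstream signature check
    author: str                 # who wrote the change
    reviewers: frozenset        # who approved the code review
    cab_approvers: frozenset    # who recorded CAB approval

def evaluate(change: ChangeRecord) -> list:
    """Return policy violations; an empty list means promotion may proceed."""
    violations = []
    # A signature binds to a digest, so a mutable tag cannot be what was signed.
    if "@sha256:" not in change.image_ref:
        violations.append("image must be referenced by digest")
    if not change.signature_verified:
        violations.append("image signature not verified")
    # Segregation of duties: the author's own approval never counts.
    if not (change.reviewers - {change.author}):
        violations.append("no reviewer independent of the author")
    # CAB approval must come from a roster member other than the author.
    if not ((change.cab_approvers & CAB_MEMBERS) - {change.author}):
        violations.append("CAB approval missing, off-roster, or self-granted")
    return violations

# Constructed sample records.
COMPLIANT = ChangeRecord(
    image_ref="registry.example/ledger@sha256:" + "ab" * 32,
    signature_verified=True,
    author="dev-carol",
    reviewers=frozenset({"dev-dan"}),
    cab_approvers=frozenset({"cab-bob"}),
)
SELF_APPROVED = ChangeRecord(
    image_ref="registry.example/ledger:latest",
    signature_verified=False,
    author="cab-alice",
    reviewers=frozenset({"cab-alice"}),
    cab_approvers=frozenset({"cab-alice", "contractor-eve"}),
)

if __name__ == "__main__":
    for name, rec in (("compliant", COMPLIANT), ("self-approved", SELF_APPROVED)):
        print(name, evaluate(rec) or "ALLOW")
```

Returning the full violation list, rather than stopping at the first failure, gives the audit trail one record per denied promotion that names every control that failed.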

Impact

  • 28 automated releases per week with zero repeat audit findings.
  • Recovery time improved to under 7 minutes thanks to deterministic rollbacks.
