top of page

Bringing People, Process and Technology together!

  • White LinkedIn Icon
  • White Twitter Icon
  • White Instagram Icon
  • White Facebook Icon
  • White LinkedIn Icon
  • White Twitter Icon
  • White Instagram Icon
  • White Facebook Icon
About

About

My passion is helping companies bringing people, processes and technology together so that they can deliver continuously value to their customers.   

I graduated in 2001 as a computer scientist at FHNW. In the 20 years where I worked as a software developer, software architect and consultant for Zühlke, I was able to build up a comprehensive knowledge of software development, architecture and processes. I have worked with a variety of platforms and technologies, consulting in the sectors of financial, insurance, cyber security, electricity, medical, and aviation. Software development is a young profession, and we are still learning the techniques and building the tools to do it effectively. That's why my passion is helping companies bringing people, processes and technology together so that they can deliver continuously value to their customers. 

In my free time I'm organizing the DevOps Meetups Zürich where the DevOps community of Zürich meets together on a monthly basis and I organize the DevOps Days Zürich which is a yearly two day conference. 

Experience

Experience & Interests

DEVOPS

You face the challenge of enhancing efficiency while lowering costs. And approved changes to a product often take too long to reach customers in the marketplace. I use DevOps to shorten feedback loops and speed up throughput – from the initial concept to delivering the product to the customer.

Software Architecture

Software architectures and systems can be very complex. I provide easy-to-understand, fact-oriented recommendations for action. These give you the security you need for pioneering and strategic decisions.

Application Modernisation

Insufficient stability and a lack of flexibility when it comes to adapting existing IT systems and business applications can impair the performance of companies. Due to my experience of completing many complex and successful modernisation projects, I'm perfectly equipped to accompany you through your transformation.

Public Speaking

I love to do public speaking about:

DevOps

Agile Transformation

Software Architecture

Application Modernization

Videos

Videos
GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning

GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning

What is Secret Scanning 🤫? Part 7/12: In this video, Padi and I will show you how to find secrets in your own code or configuration files with GitHub. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:28 Intro 00:34 DevSecOps with GitHub 01:26 About Secret Scanning 03:13 Secrets in the source code? 04:15 How to enable Secret Scanning 04:56 How to review Secret Scanning findings 05:53 Supported secrets for advanced security 07:12 Enable Secret Scanning in GitHub 07:23 Enable Push Protection 07:33 Define custom pattern 08:57 Add secrets to the code 09:59 Publish rule 10:22 Secret scanning results 10:27 Why did it not find the other secrets? 11:26 Add Azure Secret 11:59 Why is push protection not working? 12:43 Secret scanning results 13:06 Summary ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ GitLab https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ Secret Scanning in GitHub https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth
GitHub: DevSecOps: Part 6/12: How to use Container Scanning

GitHub: DevSecOps: Part 6/12: How to use Container Scanning

How to do Container Scanning 📦 in GitHub? Part 6/12: In this video, Padi and I will show you how to find vulnerabilities in your container images with GitHub. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:22 Intro 00:27 DevSecOps with GitHub 01:26 About Container Image Scanning 02:25 Container Image Scanning implementation details 03:07 Add Container Image Scanning to Main-Pipeline.yml 04:50 Add docker.yml 07:49 Add container-image-scan.yaml 10:20 Pipeline results 10:58 Container Image Scanning results 11:49 How to deal with duplicates findings 14:04 Summary ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ Container Scanning in GitLab https://learn.microsoft.com/en-us/azure/container-registry/github-action-scan ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth
GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST)

GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST)

How to do Static Application Security Testing (SAST) 🛡️ in GitHub and to succeed with this critical security configuration. Part 5/12: In this video, Padi and I will show you how to find vulnerabilities in your code using Static Application Security Testing (SAST) in GitHub. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:27 Intro 00:33 DevSecOps with GitHub 01:05 About SAST 03:15 How to Implement SAST with GitHub 05:16 Add SAST to Main-Pipeline.yml 06:10 Create sast.yml 07:40 SAST with CodeQL 09:54 SAST with SpotBugs 10:49 SAST with Semgrep 12:23 Pipeline results 13:27 CodeQL findings 14:17 Semgrep findings 15:16 What didn't we find with these tools? 16:47 Summary ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ Static Application Security Testing (SAST) in GitHub https://github.com/features/security/code ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth