Interview › Security & DevSecOps
What is 'secure by default', and give an example of a secure-by-default pattern? [Intermediate]
Answer
Secure by default means the default path is safe without requiring every developer to be a security expert. In practice, platform templates, CI/CD modules, base images, IAM roles, and Kubernetes namespaces should start with least privilege, encryption, logging, and restrictive network access.
Technical explanation
Defaults matter because engineers usually follow the fastest path provided by the platform.
Secure defaults reduce the number of policy violations and exceptions that security teams must chase.
Developers can still request exceptions, but exceptions should be explicit and reviewed.
Hands-on example
Example: a golden Kubernetes deployment template sets runAsNonRoot, readOnlyRootFilesystem, dropped capabilities, resource limits, liveness/readiness probes, no host networking, restricted NetworkPolicy, and mandatory owner labels. Teams inherit safety by using the template.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Security & DevSecOps interview questions
- What is DevSecOps, and how does it differ from traditional security gating at the end? [Basic]
- What does shift-left security mean, and why does it matter? [Basic]
- What is the difference between SAST, DAST, IAST, and SCA? [Basic]
- When in the pipeline does each of SAST, DAST, and SCA run? [Basic]
- What is the difference between SAST and DAST, and what does each catch and miss? [Basic]
- What is software composition analysis (SCA), and why does it matter for dependencies? [Basic]
- What is SonarQube, and what does it analyse? [Basic]
- Is SonarQube primarily SAST, code quality, or both? [Basic]