Automating Secure Infrastructure through code and ML Ops | DevSecOps SG

Modern ML systems fail in different ways: inconsistent environments, leaky secrets, overly permissive data access, and problems such as "it worked on my own PC, server or GPU", but doesn't work when I deployed it to the production environment. This talk shows how to automate Infrastructure as Code (IaC) and ML Ops using Terraform as the control plane, provisioning not only network and compute resources, but also ML foundational services such as artefact stores, model registries, feature stores, and secure service identities. We'll build a DevSecOps workflow that shifts security left: including static IaC scanning (using tools such as TFLint, Trivy/Checkov), policy-as-code guardrails (with OPA/Rego via Conftest), and secrets management (using SOPS + Vault) enforced from pre-commit to CI/CD (using Jenkins). This talk will look at patterns for encrypted remote state, signed and auditable plan/apply, least-privilege access to data and models, and drift detection. The aim is to ensure changes to platforms are reproducible, compliant, and "production-safe" as they scale. Target audience: Platform/Infrastructure engineers building cloud foundations and internal platform. ML platform / ML Ops engineers automating training/serving environments and pipelines. DevSecOps / Security engineers enforcing policy, compliance, and secure delivery. Data engineers/analytics platform teams who manage governed storage and access. Tech leads/architects standardising delivery across multiple teams/environments.