Hybrid: Automating Secure Infrastructure through code and ML Ops

EUR ING Nelson Alfonso MSc CITP CEng LFEDIP MCMI FBCS

Modern ML systems fail in different ways: inconsistent environments, leaky secrets, overly permissive data access, and problems such as "it worked on my own PC, server or GPU", but doesn't work when I deployed it to the production environment.

This talk shows how to automate Infrastructure as Code (IaC) and ML Ops using Terraform as the control plane, provisioning not only network and compute resources, but also ML foundational services such as artefact stores, model registries, feature stores, and secure service identities.

We'll build a DevSecOps workflow that shifts security left: including static IaC scanning (using tools such as TFLint, Trivy/Checkov), policy-as-code guardrails (with OPA/Rego via Conftest), and secrets management (using SOPS + Vault) enforced from pre-commit to CI/CD (using Jenkins).

This talk will look at patterns for encrypted remote state, signed and auditable plan/apply, least-privilege access to data and models, and drift detection. The aim is to ensure changes to platforms are reproducible, compliant, and "production-safe" as they scale.

Target audience:

• Platform/Infrastructure engineers building cloud foundations and internal platform
• ML platform / ML Ops engineers automating training/serving environments and pipelines
• DevSecOps / Security engineers enforcing policy, compliance, and secure delivery
• Data engineers/analytics platform teams who manage governed storage and access
• Tech leads/architects standardising delivery across multiple teams/environments.

EUR ING Nelson Alfonso MSc CITP CEng LFEDIP MCMI FBCS

Nelson has spent over 13 years building and operating technology in highly regulated environments, starting hands-on in software engineering and progressing into leadership roles across cloud infrastructure, security assurance, and governance for regulated systems.

Across roles spanning ML infrastructure, cybersecurity and privacy, and large-scale platform engineering, he's focused on making complex systems reliable, auditable, and safe; not just "working".

Throughout his career, he has adapted to fast-changing technical landscapes while maintaining a steady focus on evidence: privacy-by-design, control frameworks, encrypted-by-default architectures, and human-in-the-loop safeguards for AI systems. That blend of deep engineering, operational reality, and risk-based governance gives Nelson the versatility to translate technical detail into decision-ready options for senior stakeholders, especially where reliability, compliance, and public benefit actually matter.

Our events are for adults aged 16 years and over.

BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society.

If you are attending in person, please familiarise yourself with the Visitor Instructions for the BCS London Office.

Please note, if you have any accessibility needs, please let us know via Z3JvdXBzIHwgYmNzICEgdWs=, and we’ll work with you to make suitable arrangements.

For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.

This event is brought to you by: DevSecOps SG

Also check out other Workshops in London.