This talk explains how to automate cloud infrastructure and ML platforms with best practices for IaC & CI/CD to deliver security for MLOps.
Agenda
6:00pm - Tea, coffee and networking
6:30pm - Main presentation – Nelson Alfonso
7:30pm - Questions and answers, followed by light refreshments for those attending
8:30pm - Close
Speaker
EUR ING Nelson Alfonso MSc CITP CEng LFEDIP MCMI FBCS
Synopsis
Modern ML systems fail in different ways: inconsistent environments, leaky secrets, overly permissive data access, and problems such as "it worked on my own PC, server or GPU", but doesn't work when I deployed it to the production environment.
This talk shows how to automate Infrastructure as Code (IaC) and ML Ops using Terraform as the control plane, provisioning not only network and compute resources, but also ML foundational services such as artefact stores, model registries, feature stores, and secure service identities.
We'll build a DevSecOps workflow that shifts security left: including static IaC scanning (using tools such as TFLint, Trivy/Checkov), policy-as-code guardrails (with OPA/Rego via Conftest), and secrets management (using SOPS + Vault) enforced from pre-commit to CI/CD (using Jenkins).
This talk will look at patterns for encrypted remote state, signed and auditable plan/apply, least-privilege access to data and models, and drift detection. The aim is to ensure changes to platforms are reproducible, compliant, and "production-safe" as they scale.
Target audience:
- Platform/Infrastructure engineers building cloud foundations and internal platform.
- ML platform / ML Ops engineers automating training/serving environments and pipelines.
- DevSecOps / Security engineers enforcing policy, compliance, and secure delivery.
- Data engineers/analytics platform teams who manage governed storage and access.
- Tech leads/architects standardising delivery across multiple teams/environments.
About the speaker
EUR ING Nelson Alfonso MSc CITP CEng LFEDIP MCMI FBCS
Nelson has spent over 13 years building and operating technology in highly regulated environments, starting hands-on in software engineering and progressing into leadership roles across cloud infrastructure, security assurance, and governance for regulated systems.
Across roles spanning ML infrastructure, cybersecurity and privacy, and large-scale platform engineering, he's focused on making complex systems reliable, auditable, and safe; not just "working".
Throughout his career, he has adapted to fast-changing technical landscapes while maintaining a steady focus on evidence: privacy-by-design, control frameworks, encrypted-by-default architectures, and human-in-the-loop safeguards for AI systems. That blend of deep engineering, operational reality, and risk-based governance gives Nelson the versatility to translate technical detail into decision-ready options for senior stakeholders, especially where reliability, compliance, and public benefit actually matter.
Our events are for adults aged 16 years and over.
BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today
Please note: if you have any accessibility needs, please let us know via groups@bcs.uk, and we’ll work with you to make suitable arrangements.
If you are attending in person, please familiarise yourself with the Visitor Instructions for the BCS London Office.
For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.
This event is brought to you by: DevSecOps specialist group
