avoid insecure defaults and regularly check for announcements in cloud platforms
7. secret management & permission management
8. why?
9. track and manage changes using version control tools
10. use pipelines to analyze security vulnerabilities automatically
11. be careful when managing resources with IaC in pipelines!
12. poisoned pipeline execution
13. protect specific resources from accidental deletion or modification
14. the end
Description:
Explore Infrastructure as Code (IaC) security best practices and strategies in this conference talk from Conf42 DevSecOps 2023. Learn how to tag resources properly, avoid insecure defaults, and regularly check for announcements in cloud platforms. Discover the importance of secret management and permission management, and understand why these practices are crucial. Gain insights on tracking and managing changes using version control tools, and how to use pipelines to automatically analyze security vulnerabilities. Be cautious when managing resources with IaC in pipelines, and learn about the risks of poisoned pipeline execution. Find out how to protect specific resources from accidental deletion or modification. This comprehensive overview covers essential aspects of securing your infrastructure as code implementations.
Infrastructure as Code Security Best Practices and Strategies