When we run an application in containers under Kubernetes, we no longer control which machine a piece of code will run on. Does this constitute a security weakness? How do we cope when security patches need to be applied in response to vulnerabilities? In this talk, we will see how automation and DevSecOps processes can help us address these concerns, and explore how the properties of an orchestrated deployment can even help us keep our software safer from attack.