Postmortem: How Not Knowing OPA 0.70 and Kyverno 1.12 Cost Me a DevSecOps Role at Stripe I’ve been a DevSecOps engineer for 6 years, with a focus on cloud native policy enforcement using Open Policy Agent (OPA) and Kyverno. When I landed an interview for a senior DevSecOps role at Stripe earlier this year, I was confident: I had years of experience writing Rego policies, deploying Kyverno ClusterPolicies, and scaling policy checks for Kubernetes workloads. I never expected that gaps in my knowledge of two specific tool versions — OPA 0.70 and Kyverno 1.12 — would cost me the offer. Background: Stripe’s Policy Stack Stripe’s infrastructure runs on a massive Kubernetes fleet, with strict compliance requirements for PCI-DSS, SOC 2, and internal security standards. To enforce these policies at scale, they rely heavily on OPA for general-purpose policy evaluation and Kyverno for Kubernetes-native policy management.…