CI/CD pipelines are essential for modern software development, providing automation for building, testing, and deploying code, but they also present significant security challenges due to their access to code and internal systems. This text explores various security considerations and practices for securing CI/CD systems, emphasizing the importance of defining security boundaries through hardware and software configurations. Key risks associated with CI/CD pipelines include identity and access management, poisoned pipeline execution attacks, and the handling of sensitive data, all of which require careful management of user permissions and the implementation of the principle of least privilege. The text discusses strategies such as using clusters to create security boundaries, isolating sensitive operations, employing single sign-on for streamlined access management, and maintaining compliance with regulatory requirements. By properly configuring CI/CD tools like Buildkite, organizations can mitigate risks, enhance security, and maintain robust software engineering environments, all while balancing the needs of open-source and private projects.