January | 2016 | the agile admin

Monthly Archives: January 2016

by wickett | January 15, 2016 · 11:47 am

Links on Bridging Security and DevOps

If you remember, I (@wickett) said I would be doing more blogging for Signal Sciences in the new year. We still are in January, but I am glad to say that so far so good. Here are a couple highlights from recent posts:

What security experts need to know about DevOps and continuous delivery < This post made it on DevOps Weekly (which of course you should subscribe to) which is awesome! The article takes a few topics and breaks them down for what they mean to InfoSec. Unfortunately to many security people, devops is still Ops 2.0 and is mainly about chef/puppet or that systemic madness called Continuous Delivery. This article attempts to show how security can fit in the new world of devops.
Security Visibility: If You Can’t See ’Em, You Won’t Stop ‘Em! by @txs breaks down the three questions that should keep you up at night if you care about security. This article lays the groundwork of bridging devops and security by focusing on three pragmatic questions. This is a must read.
Rugged Software Engineering video with Nick Galbreath at GOTO London is a recording of Nick’s excellent talk at GOTO London. The GOTO London videos just got uploaded a few weeks back so they are fresh off the presses and ready for your viewing pleasure. I think this talk along with Dan North’s talk on the history of Agile were the highlights of the conference. I will be adding in more links and talks from the conference over the coming weeks and even the one yours truly did.

That’s all for now. Happy Friday everyone!

In the New Year, resolve to bring Security to the DevOps party

Happy New Year! May this be your year of much successful DevOps.

Last year I wasn’t too vocal about my work over at Signal Sciences. Mostly because I was too busy helping to rapidly build a NextGen Web Application Firewall as a SaaS from the ground up. This year you will be hearing a bit more as I am regularly contributing to the Signal Sciences blog (Signal Sciences Labs) over at Medium (sorry WordPress!).

I will try and occasionally link into some of my posts over there to The Agile Admin, around topics like:

The challenges we faced building a modern security product
Bridging the gap with Security and DevOps
Attack Driven Operations
and other Rugged DevOps topics…

Which brings me to the point of this post…

Bring Security to the DevOps party!

I am making a personal goal this year to bring security engineers, auditors, penetration testers and even those forensics folks to the devops party. I have my sights mostly set on DevOps Days Austin as the event to physically bring people to (watch out Austin Security people!) but I am already crafting blog posts and many cunning tweets to also bring them over as well. This year can you join me in trying to bridge this gap?

Last month I had the opportunity to do Sec Casts panel with these fine folks (all of which you should follow) on topics around devops and security:

If you don’t want to hear us go on for about an hour, you can read the write-up here. I mention this panel specifically because I think the topics brought up in it are directly impactful to the goal of bridging security and devops. Maybe it will give you some ideas on how to bridge the gap in your own organization.

Happy New Year and lets make this the year that Security is finally brought into the DevOps fold.

Monthly Archives: January 2016

Links on Bridging Security and DevOps

In the New Year, resolve to bring Security to the DevOps party

Bring Security to the DevOps party!

Subscribe

Recent Comments

Recent Posts

Austinites

Cloud

DevOps

@wickett

@ernestmueller

@iteration1

Archives