Variations in lubrication and incentive.

@iflowfor8hours

matt at contino.io

"It is not necessary to change. Survival is not mandatory."

W. Edwards Deming.

What are the kinds of things that you hear when someone tells you about the success of their devops practice?

What are the kinds of things that you hear when someone tells you about the success of their security practice?

Defend

Detect

React

Business Analysts

Developers

Operations

Devops Practitioner

(or my opinion)

How did the perception change enough to the point that we all know what devops is in some capacity?

Charisma

Autonomy

Legwork

Marketing

Sales

Culture

Automation

Lean

Measurement

Sharing

Empathy and Understanding

DevOps and Security Shared Values

  • Lower operational complexity makes things easier to reason about.
  • Learning from the past makes us less likely to screw up in the future.
  • Knowing when something is wrong is critical to fixing it.

Operational Complexity

Learning from past mistakes

Lowering communication costs

Security

Culture

tldr;

  • Adding security to your culture is an ongoing process.

  • Communication is, as usual, a sharp tool that can be used for good or bad outcomes.

  • Security must become part of the process to be successful.

Questions?

There is much more to explore here.

  • Security of your pipeline
  • Security in your pipeline
  • Secrets management
  • Key rotation policies
  • Security drills!
  • Penetration tests and audits
  • Account Audits!
  • Update policies

thanks.

matt@iflowfor8hours.info

@iflowfor8hours

Grease Fires in Devops and security

By Matt Urbanski

Presentation at Chef in Seattle about fires and security. https://github.com/iflowfor8hours/til/blob/master/presentations/pipeline_security/outline.md
