Security, Don't Fear the DevOps

A lot of security people have a bad attitude about DevOps. Heck, sometimes it’s for good reasons. Lots of vendors are selling “DevOps in a box”, they’ll come in and “do the DevOps for you”, etc. What can you end up with? Lots of people with root access to servers with real data on them, code being deployed straight into production without appropriate testing, dogs and cats living together, mass hysteria!

I’m here to show you that it doesn’t have to be that way. I come armed with data from several years of the State of DevOps Report that shows how enterprises are finding security wins in embracing DevOps. I’ll show results of that survey and talk about trends in what we’ve seen. As well, I’ll talk about processes that a security team can put into place to make measurable wins for their infosec program. Not in security? I’ll show you what you can do to help out and start shipping better software or services. This isn’t just for web app shops either, we’ll talk about doing this in enterprise IT where you don’t get the luxury of writing everything you have to run.



Bill Weiss

As a red-and-blue-team member turned sysadmin herder, Bill Weiss had an early introduction to automation in security, and he’s spent the rest of his career trying to bring that idea to more places. He ...