Next week is the big RSA Conference in the US (San Francisco), and I’m really looking forward to leading a panel discussion on “Making Rugged DevOps and Infosec Work.” The session will be on Tuesday, February 26 at 3:50pm in Room 132, so if you’re at the RSA event, I’d love to see you there.
I’ll be moderating the panel, which will consist of (alphabetically by last name):
- Josh Corman (@joshcorman), the Director of Security Intelligence of Akamai Technologies, co-founder of the Rugged Software Movement, former 451 Group analyst, and security contrarian extraordinaire;
- Nick Galbreath (@ngalbreath), VP of Engineering at IPONWEB, previously at Etsy & RightMedia, and author of “Cryptography for Internet & Database Applications”;
- Gene Kim (@realgenekim), the founder and former CTO of Tripwire, who’s also a researcher and one of the authors of “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win”;
- David Mortman (@mortman), Chief Security Architect of enStratus, Contributing Analyst at Securosis, and former CISO of Siebel Systems.
Deploy fast, fail fast, learn fast, improve fast
If you’re not familiar with the DevOps movement, it is a way of working that enables extremely rapid code deployment, using an integrated approach that ties development and operations together in a very Agile way. I paraphrase the goals of DevOps as “deploy fast, fail fast, learn fast, improve fast.”
Some great companies have embraced this model to great effect: Amazon, Netflix, Etsy, and many more. These companies have proven that DevOps has great business value. To put it in perspective, these organizations routinely conjure thousands of compute instances doing over 1000 deploys per day.
Where’s security in a rapid deployment world?
With all of this focus on “fast,” many organizations are worried that “secure” may be forgotten. Our talk is focused on how to ensure that Information Security is an integral part of DevOps, providing baked-in security without slowing things down.
We’ll be discussing the wins (and epic fails) that our panelists have seen along their respective journeys, along with practical ways to keep DevOps approaches secure. It will be a lot of fun.