Next week is the big RSA Conference in the US (San Francisco), and I’m really looking forward to leading a panel discussion on “Making Rugged DevOps and Infosec Work.”  The session will be on Tuesday, February 26 at 3:50pm in Room 132, so if you’re at the RSA event, I’d love to see you there.

I’ll be moderating the panel, which will consist of (alphabetically by last name):

Deploy fast, fail fast, learn fast, improve fast

If you’re not familiar with the DevOps movement, it is a way of working that enables extremely rapid code deployment, using an integrated approach that ties development and operations together in a very Agile way.  I paraphrase the goals of DevOps as “deploy fast, fail fast, learn fast, improve fast.”

Some great companies have embraced this model to great effect:  Amazon, Netflix, Etsy, and many more.  These companies have proven that DevOps has great business value.  To put it in perspective, these organizations routinely conjure thousands of compute instances doing over 1000 deploys per day.

Where’s security in a rapid deployment world?

With all of this focus on “fast,” many organizations are worried that “secure” may be forgotten.  Our talk is focused on how to ensure that Information Security is an integral part of DevOps, providing baked-in security without slowing things down.

We’ll be discussing the wins (and epic fails) that our panel has seen along their respective journeys, and discussing practical approaches for keeping DevOps approaches secure.  It will be a lot of fun.

Categories Risk-Based Security for Executives, , , , Risk-Based Security for Executives, , , , IT Security and Data Protection, , IT Security and Data Protection,

Tags , , , , , ,

SANS Endpoint Security Maturity Model
  • Adam Montville

    I'm looking forward to this talk, Dwayne, thanks for putting some context around it. DevOps might be the first step in an overall revolution in IT security. We need to be less concerned about prose frameworks and more concerned about how those ideas are conveyed to and realized in operations.

Dwayne Melancon

Dwayne Melancon has contributed 141 posts to The State of Security.

View all posts by Dwayne Melancon >