Your SlideShare is downloading. ×
Security Loves DevOps: DevOpsDays Austin 2012
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Security Loves DevOps: DevOpsDays Austin 2012


Published on

Discusses the intersection between security and DevOps and how Security people can leverage DevOps and vice versa.

Discusses the intersection between security and DevOps and how Security people can leverage DevOps and vice versa.

Published in: Technology, Business

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • ----- Meeting Notes (4/1/12 15:14) -----1. Firewall rules faster2. Three things: - Information: What's vuln - Remediation: Fix it once and fast. - Consistency - things stay fixed
  • Transcript

    • 1. DevOps & Security James Turnbull Puppet Labs DEVOPSDAYS AUSTIN 2012
    • 2. Who me?• Puppet Labs employee• Security boffin• Open source fan• Author• Australian• Expletives DEVOPSDAYS AUSTIN 2012
    • 3. More introductionsDoes anyone here work in Security? DEVOPSDAYS AUSTIN 2012
    • 4. Three things I hated about Security1. Not being liked2. Not being effective3. Not being happy DEVOPSDAYS AUSTIN 2012
    • 5. Meme theft… DEVOPSDAYS AUSTIN 2012
    • 6. What IT think Security do DEVOPSDAYS AUSTIN 2012
    • 7. What the business think Security do DEVOPSDAYS AUSTIN 2012
    • 8. What Security people think they do DEVOPSDAYS AUSTIN 2012
    • 9. What Security Isn’t DEVOPSDAYS AUSTIN 2012
    • 10. What Security Is (or Should Be)• Partnership not conflict• Servicing and Protecting all customers• Allowing increased risk appetite• Enabling the business to do business DEVOPSDAYS AUSTIN 2012
    • 11. The Intersection DEVOPSDAYS AUSTIN 2012
    • 12. Security people are people too DEVOPSDAYS AUSTIN 2012
    • 13. Security people are people too• Developer People• Ops People• DBA People• Network People• Storage People DEVOPSDAYS AUSTIN 2012
    • 14. DevOps & SecurityYou should care about security too! DEVOPSDAYS AUSTIN 2012
    • 15. DevOps & Security Evolution is mutual DEVOPSDAYS AUSTIN 2012
    • 16. Getting Security to Listen It’s all about the culture DEVOPSDAYS AUSTIN 2012
    • 17. Getting Security to ListenDestroy the blame culture DEVOPSDAYS AUSTIN 2012
    • 18. Getting Security to Listen Speak the same language DEVOPSDAYS AUSTIN 2012
    • 19. Getting Security to Listen "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducingrisk to an acceptable level, based on the value of the information resource to the organization.” DEVOPSDAYS AUSTIN 2012 - CISA
    • 20. Getting Security to ListenLet the business do business with the right controls DEVOPSDAYS AUSTIN 2012
    • 21. Talking Controls• Provisioning & Deployment: Efficiency• Configuration Management: Inconsistency is the enemy of security• Incident Management: Information is King• Audit: Magic away auditors DEVOPSDAYS AUSTIN 2012
    • 22. Ideas for Collaboration DEVOPSDAYS AUSTIN 2012
    • 23. DevOps & Security• Get roles and responsibilities right• Security people are (skilled) people too• Risk Register diving DEVOPSDAYS AUSTIN 2012
    • 24. Dev & Security• Put Security people into Dev• Gather security requirements early• Designed for security == Deployed sanely & securely DEVOPSDAYS AUSTIN 2012
    • 25. Ops & Security• Embed Security into Ops escalation• Invite Security to post-mortems• Expose Security to your metrics & data DEVOPSDAYS AUSTIN 2012
    • 26. Thanks James @kartar DEVOPSDAYS AUSTIN 2012