2. James Wickett
james@wickett.me
Austin, TX
Rugged Dev Podcast
Gauntlt Core Team
DevOps Days Austin Organizer
DevOps Days Global Organizer
3. My Journey
Clouding since 2008 and DevOpsing since 2010!
Led National Instruments R&D Cloud Ops team
IoT and Cloud products at Mentor Graphics
Working at Signal Sciences Corp
5. Conclusions
We optimize for the perceived probable
Agile, DevOps and Continuous Delivery practices have approached this problem in different ways
InfoSec is behind but has a chance to add value
Integrating into the build pipeline wins
21. Behavior Driven Development is a second-generation, outside–in, pull-based, multiple-stakeholder, multiple-scale, high-automation, agile methodology. It describes a cycle of interactions with well-defined outputs, resulting in the delivery of working, tested software that matters.
Dan North, 2009
37. “That the word #devops gets reduced to technology is a manifestation of how badly we need a cultural shift”
- @patrickdebois
http://www.slideshare.net/cm6051/london-devops-31-5-years-of-devops
38. Culture is the most important aspect to DevOps succeeding in the enterprise
52. Culture Influencers
Decrease time from development to release
Blameless post-mortems
Reward failure and have a high emphasis on testing
Unite different disciplines (like dev + ops) to solve problems
http://www.slideshare.net/wickett/the-devops-way-of-delivering-results-in-the-enterprise
88. “[risk assessment] introduces a dangerous fallacy: that structured inadequacy is almost as good as adequacy and that underfunded security efforts plus risk management are about as good as properly funded security work”
101. I am rugged and, more importantly, my code is rugged.
I recognize that software has become a foundation of our modern world.
I recognize the awesome responsibility that comes with this foundational role.
102. I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic and national security.
103. I recognize these things – and I choose to be rugged.
I am rugged because I refuse to be a source of vulnerability or weakness.
I am rugged because I assure my code will support its mission.
104. I am rugged because my code can face these challenges and persist in spite of them.
I am rugged, not because it is easy, but because it is necessary and I am up for the challenge.
124. Gauntlt Philosophy
Gauntlt comes with pre-canned steps that hook security testing tools
Gauntlt does not install tools
Gauntlt can be part of the CI/CD pipeline
Be a good citizen of exit status and stdout/stderr
MIT Open Source License
133. more on gauntlt
• Google Group > https://groups.google.com/d/forum/gauntlt
• Wiki > https://github.com/gauntlt/gauntlt/wiki
• Twitter > @gauntlt
• IRC > #gauntlt on freenode
• Issue tracking > http://github.com/gauntlt/gauntlt
134. Free Gauntlt Book
request a copy
book@gauntlt.org
Caveat Emptor: Under development!
Valid until Dec 3rd
141. Conclusions
We optimize for the perceived probable
Agile, DevOps and Continuous Delivery practices have approached this problem in different ways
InfoSec is behind but has a chance to add value
Integrating into the build pipeline wins