Based on my unscientific poll of friends, one of the least used and most overlooked features of AWS is CloudWatch. Not only can CloudWatch be used to monitor the availability of your AWS services, but it can also be used as an anomaly detection tool. Did I mention that these features are free? Since the […]
How to un-domesticate your network: DevOps!
When I look at how compliance and regulations have affected network security over the years, I’m reminded of what dog breeder standards and regulations have done to dogs over the years. I’ll use this analogy to make the case that networks have become too domesticated to the point that they are not able to adapt […]
Dev, Ops and Security Collaboration: Bring the body and the mind will follow
Complexity has a way of muddying even the clearest of waters, and this has certainly been the case with IT Operations. While Dev, Ops and Security teams share a common purpose, the silos between them are so deeply entrenched, it’s easy to see how they have forgotten that they are working towards the same end. […]
Trust & the trusted image
What is Your Trust Model? Information security conversations often start with the question “What is your threat model?” This blog asks: “What is your trust model?”. Trust is a complex subject and an integral part of managing DevOps-oriented organizations and highly automated IT infrastructures. Who (developers, ops) or what (code, process) is trusted to accomplish […]
Protect and Defend: Repositories
When you’re creating work that gets deployed into production, there is typically a repository involved. It could be a code base, a deployment hub, a definitive software library, a library of VM or application templates, etc. Often, you may not think twice about what’s in these repositories or whether you can trust their content – […]
Hacking Your Auditor
No, not that kind of hacking, give me a little credit… Recently I was having a conversation with a consulting friend about DevOps, and he found himself in a bit of a tough situation. The organization he was working with was a pure cloud/DevOps shop, but one that was stepping into having to meet compliance […]
Logging Wins for Devops and Security
It’s always great when companies can invest in tools that serve multiple groups and purposes. Ensuring proper setup and use of logs is one toolset that can serve both DevOps and Security. Why logs are important to DevOps: DevOps use logs primarily to understand what’s going on inside an application server, database system or the […]
Organizational Dysfunction: The original vulnerability
During your teenage years, you may have figured out a way to get a ‘yes’ from your parents by playing off of the responsibility and knowledge gap between them…walking up to your mom and saying something like, “Hey Mom, Dad said he would drive me, can I go out tonight?” and then proceed to your […]
What is Security Policy Orchestration and Why Should DevOps Teams Care?
After attending the DevOps day I wrote about in my last post, I wanted to take a minute to explain exactly what Security Policy Orchestration actually is so we can begin to understand how the two concepts overlap. Simply put, Security Policy Orchestration is intelligent network change automation. It goes beyond simple task automation by […]
DevOps and Security Are Compatible
When I speak with information security organizations faced with the prospect of moving to DevOps, one of the most common fears I hear is that this transition will degrade security of infrastructure and applications. If you’re one of these folks, I understand this fear but you can rest assured: when you do things correctly security will […]










