What is Your Trust Model? Information security conversations often start with the question “What is your threat model?” This blog asks: “What is your trust model?”. Trust is a complex subject and an integral part of managing DevOps-oriented organizations and highly automated IT infrastructures. Who (developers, ops) or what (code, process) is trusted to accomplish […]
Protect and Defend: Repositories
When you’re creating work that gets deployed into production, there is typically a repository involved. It could be a code base, a deployment hub, a definitive software library, a library of VM or application templates, etc. Often, you may not think twice about what’s in these repositories or whether you can trust their content – […]
staging-devopsy.kinsta.cloud Podcast
Mitchell Ashley and I have been doing podcasts together since about 2007 or so. Back then the subject matter was security. But now with the launch of staging-devopsy.kinsta.cloud we are launching a new series of podcasts on DevOps. In doing so we are joining a small field of quality podcasts on DevOps. Podcasts like DevOps […]
Operational Overhead – or why hubris is bad.
Stop me if you’ve heard this one: A guy walks into a meeting and says “We need a system that does something”, and the engineer in the room replies “Oh, we can totally build that”. Most of the punchlines to this joke go “we can totally build it, and now we have to own its […]
My Journey into DevOps
Like many developers, I started my career in a waterfall-based development environment. I was at a very large telecom, working on a product that had been around literally for decades. We’d spend weeks or months in the requirements phase before any code was written. We’d throw the code over the wall after our development period, […]
The Automation Continuum
The speed of innovation these days is often influenced by the speed of adoption of new and exciting tools, and specifically open source tools. Open source projects have been growing at an exponential speed over the course of the past few years; however the process for exploring, testing, configuring, and ultimately integrating these in production […]
DevOps Contrarian
I admire and appreciate the ideas of DevOps as a result of living through two decades of working in IT and experiencing the pain of what I would call the “failed state of IT”. The failed state of IT being something inherently broken, something that couldn’t survive on its own, something that eats its budget […]
DevOps Dirty Little Secrets
By all outward appearances DevOps is gaining real velocity within IT shops worldwide, Duh tell you something you don’t know. I have read much on this topic as I am sure you have, but I never seem to read much with hard data results, other than we are doing great with some very broad metrics. […]
Hacking Your Auditor
No, not that kind of hacking, give me a little credit… Recently I was having a conversation with a consulting friend about DevOps, and he found himself in a bit of a tough situation. The organization he was working with was a pure cloud/DevOps shop, but one that was stepping into having the meet compliance […]
Logging Wins for Devops and Security
Its always great when companies can invest in tools that serve multiple groups and purposes. Ensuring proper setup and use of logs is one toolset that can serve both DevOps and Security. Why logs are important to DevOps DevOps use logs primarily to understand what’s going on inside an application server, database system or the […]
- « Previous Page
- 1
- …
- 978
- 979
- 980
- 981
- 982
- …
- 985
- Next Page »