The struggle for continuous software security is obvious, but the solutions are not. As I indicated in my prior blog, SecDevOps is the Solution to Cybersecurity, a security-first mindset, coupled with SecDevOps-specific practices, provides an opportunity to achieve true continuous security. But, in reality, how can an organization accomplish SecDevOps? This blog explains how to […]
SecDevOps is the Solution to Cybersecurity
Anybody paying attention to world news will notice that the threats and risks perpetrated by cybercriminal actors, in many forms, is a serious problem on the rise, affecting individuals, organizations and nations daily. The cybersecurity threat space is indeed alarming and growing rapidly. The cybersecurity solution space is struggling to keep up. After all, there […]
Are We Leaving Developers Out of DevOps Spinoffs?
SecOps. DataOps. NetOps. Reading these terms, you get the sense that the key to IT efficiency is to make IT Ops work with everyone else. But that’s a mistake, because it leaves developers out of the picture. It’s no secret that the DevOps movement has generated a number of other *Ops initiatives, including those listed […]
Murphy’s DevOps: Is Security Causing Things to Go Wrong?
“Rugged DevOps,” “DevSecOps”—am I missing any? About the only thing more abundant than the volume of terms emerging to describe different facets of how security supports DevOps are the number of vendors now claiming to provide products and services that “solve” related security problems. There have been some interesting offerings we’ve seen emerge at this […]
Flash Mob Inflection: Rugged DevOps Revolution
Truthfully, I was never a huge fan of the HBO series “The Sopranos.” It’s not that it wasn’t entertaining; I just didn’t agree with the “best ever” label that so many espoused during the show’s halcyon days. This had something to do with living in Hoboken, N.J., at the time and feeling the show was […]
Security Breaks DevOps – Here’s How to Fix It
The concepts of communication, collaboration, abstraction, automation and orchestration are cornerstones of the rapidly growing DevOps movement. At the same time reliance on virtualized infrastructure and Infrastructure-as-a-Service has exploded, making manual provisioning and management simply not feasible anymore; it takes too long and locks up too many resources. Modern DevOps methods and tools have emerged, […]
The devOpsSec Dilemma: Effective Strategies for Social Networking
I was sad to hear of the passing of John Nash and his wife Alicia this weekend. May they rest in peace. As a game theorist I am familiar with his work and it just so happens that Nash Equilibriums have been in the center of what I’ve been working with lately. It’s an honor […]
It’s time security pros shake their DevOps fear, uncertainly, and doubt
There’s been considerable discussion recently about how to make certain good security practices remain integrated within DevOps-driven environments. To get the scoop from a security pro who is experienced working on delivering security programs in development environments, I turned to Andrew Storms for some insight. Storms has been leading IT, security and compliance teams for […]
DevOps Security Talks At RSA USA 2015 Conference
DevOps and security. Its a muddled mix of waters made even more confusing by the wet ink still on the concept of DevOps. There is no denying the popularity of DevOps and there is a lot of talk on how the DevOps movement functions alongside security teams. The annual USA RSA conference is just around […]
Complete speakers & schedule for DevOps Connect: SecDevOps @RSAC
The line up for DevOps Connect: SecDevOps @ RSAC is complete. What a great job Gene Kim and Josh Corman did lining up a power-packed schedule. Here is what the day is shaping up to be include: 8:50 to 9:00am Alan Shimel and Mark Miller – Opening remarks and welcome 9:00 to 9:50am […]