Elevator Pitch
DevOps is not just about deploying software, it’s about reducing bottlenecks and bringing value to the business. By utilizing DevOps techniques we can build a strong security practice that everybody is invested in, even your Developers and Operations Teams!
Description
In a previous role I utilized DevOps practices to lead a major transformation of the security and auditing practices of our team taking them from failure-prone manual repetitive tasks to fully automated unicorn status. This talk will outline the changes we made both technically and culturally to transform not only the security team, but the whole organization into treating security as a design goal rather than an afterthought.
You’ll leave this talk with a solid grasp of the tools and techniques needed to knock down the silos around your security team and enter a utopian world of security first engineering.
Notes
When my employer was acquired by a much larger company we inherited a security team with great ideas but outdated tools and practices. I worked with that team for about 18 months and mentored them in DevOps practices and techniques and together we transformed into a new security practice that was fully automated and significantly improved the overall value that the security team brought to the business and became core to the way the teams developed and deployed code. I want to share this experience and help others achieve the same results.
I have presented this at Devopsdays Seattle and a few other events, sadly there is no recording published (yet!) to link to.