DevOps and security. Its a muddled mix of waters made even more confusing by the wet ink still on the concept of DevOps. There is no denying the popularity of DevOps and there is a lot of talk on how the DevOps movement functions alongside security teams.
The annual USA RSA conference is just around the corner and its worth noting a handful of DevOps focused talks deserving of your attention.
- On Monday 4/20 is a pre-RSA mini summit entirely focused on the intersection of DevOps and security. DevOps Connect: SecDevOps @RSAC
- David Mortman and Josh Corman are giving their talk twice during the week. Continuous Security: 5 Ways DevOps Improves Security
- The dynamic duo of Chris Hoff Rich Mogull return again this year with a talk titled Something Awesome on Cloud and Containers. Its sure to be entertaining, educational and include DevOps topics.
- Scott Kennedy and Shannon Lietz have selected to use the DevOps + Security word munge of “DevSecOps” in their talk titled Enterprise Cloud Security via DevSecOps
- Adrian Lane of Securosis has a very interesting talk that looks to be right up my alley. Check out Secure Agile Development: Why Can’t We All Get Along
- Be sure to check out Elizabeth Lawler’s talk Is DevOps Breaking Your Company? She will be talking about the challenges that DevOps has introduced to the security team.
- Also be sure to check out the panel discussion Pragmatic SecDevOps with Adrian Lane, Mike Rothman and Rich Mogull.
- Ben Tomhave will be presenting Automate or Die! How to Scale and Evolve to Fix Our Broken Industry. He will be addressing security challenges and how DevOps principles can be used as solutions.
- The future of operational security is changing. The panel of David Mortman, Jack Daniel, Katie Mousssouris and Trey Ford will discuss in We Have Met the Future of Security and It Is Us
- Alan Shimel is leading a peer to peer discussion Continuous Network Compliance: Finding Flaws and Betting Futures
- And finally, this guy named Andrew Storms is presenting How Security Can Be the Next Force Multiplier in DevOps
I am anticipating a lot of common themes around integrating DevOps and Security regarding tools, processes and culture. Given the history of these speakers, you can probably anticipate many of them to be on the bandwagon of security and DevOps folks better learn to work together and learn from each other or be prepared to find a new job.
If I missed a talk that specifically covers the nexus of DevOps and Security at RSA USA this year, please leave a comment and I’ll be sure to get it included.