I attended the DevOpsDaysRox (Rockies) conference last year, and it was a great conference – great speakers, interesting people at the conference in a good venue. This year, I’ll be giving a talk at DevOpsDaysRox 2016 – about the intersection of DevOps and security. This is a challenging space, since security has trouble keeping up with “normal” IT, and one of the common goals of DevOps is greater velocity – more changes faster. So, pretty clearly you need more security automation (very DevOpsy), low noise rates, and a scheme that accommodates not just the leading edge things which fall under the DevOps mantra, but also covers as much of the other cruft left over from the Precambrian era as possible (very unDevOpsy). With security, your infrastructure is unfortunately only as strong as your weakest system – so like it or not, you need to understand what all your systems are doing.
DevOpsDaysRox 2016 Talk Abstract
Cybersecurity is in the news almost every day. It’s not just getting the attention of the technical folks in the trenches, it’s getting attention in the boardroom. It’s also an area that the DevOps culture hasn’t spent as much attention on as we have on testing and automation. This talk is about how to make things better and keep them there – showing you how to get started in 15 minutes.
Making your systems more secure is a daunting task – the average system has something like 100 ways it’s out of step with hardening best practices. If you have 1000 systems, that means you have something like 100,000 problems – it’s overwhelming! There’s also understanding your attack surface (the ways an intruder can enter your systems) – how to understand and minimize it. This talk will cover these things:
- How to know what you need to do to harden your systems
- How to triage, manage and track the hardening process – and show your boss what great progress you’re making
- How to keep your systems hardened after you get there
- How to visualize and understand your attack surface
And I’ll be giving only one of a number of really great talks – to a bright and interested audience – so if you have any way at all to come to the DevOpsDaysRox 2016 conference on 21-22 April, 2016, then you should be there – it’ll be an awesome great time of learning and networking for all!