I gave a talk and demo at the 2016 Salt Lake City DevOps Days conference about “Security Automation in a DevOps World”. Just for fun, my laptop ran out of power about 2/3 of the way into the talk. A few good people managed to bring power to the podium and grab my power brick so I could finish the demo. Although a little was missed due to the power outage, all in all it went well.
Cybersecurity is in the news almost every day. It’s not just getting the attention of the technical folks in the trenches, it’s getting attention in the boardroom. It’s also an area that the DevOps culture hasn’t spent as much attention on as we have on testing and deployment automation. This talk is about how to make things better and keep them there – showing you how to get started in 15 minutes.
Making your systems more secure is a daunting task – the average system has something like 100 ways it’s out of step with hardening best practices. If you have 1000 systems, that means you have something like 100,000 problems – it’s overwhelming! There’s also understanding your attack surface (the ways an intruder can enter your systems) – how to understand and minimize it. The talk covered these things:
- How to know what you need to do to harden your systems
- How to triage, manage and track the hardening process – and show your boss what great progress you’re making
- How to keep your systems hardened after you get there
- How to visualize and understand your attack surface