The DevOps pipeline is constantly changing. Therefore, relevant security
controls must be applied contextually.
We want to be secure, but I think all of us would rather spend our time
developing and deploying software. Keeping up with server updates and all of
the other security tasks is like cleaning your home - you know it has to be
done, but you really just want to enjoy your clean home. The good news is you
can hire a "service" to keep your application security up-to-date, giving you
more time to develop.
At the recent All Day DevOps conference, Akash Mahajan (@makash), a
Founder/Director at Appsecco, discussed how to harden your system's security
with Ansible. In addition to his role at Appsecco, Akash is also involved
as a local leader with the Open Web Application Security Project (OWASP).
Misconfiguration. During his presentation, Akash mentioned the OWASP ... (more)
When you have a billion users, people notice. That's where our story about
DevOps and Yahoo! starts. For Kishore Jalleda and Gopal Mor, both engineers
at Yahoo!, when something goes wrong on a Yahoo! page, people will notice.
Correction: a lot of people will notice.
Of course, Yahoo!, like all services on the Internet, constantly improves its
products. In fact, they have 100+ iterations and experiments happening at
any given time. Some changes bring new innovation to the forefront and
others alter the user experience.
When iterations and experiments are served in front of loy... (more)
We all know the story: a farm, a kid, a Commodore 64, and a modem maxing out
at 300 bps. A few unexpected phone bills later, and young Ian Allison is
figuring out how to game the system so he can keep using his newfound
gateway to the world of tech. According to Ian, that is where he began
building the foundation of skills for his career in computer security.
At the recent All Day DevOps conference, Ian (@iallison), now with Intuit,
talked about his history of being "that" security guy. You know, the one who
thinks developers don't care about security or deadlines, and, really, ... (more)
When building DevOps or continuous delivery practices, you can learn a great
deal from others. What choices did they make, what practices did they put
in place, and how did they connect the dots?
At Sonatype, we pulled together a set of 21 reference architectures for
folks building continuous delivery and DevOps practices using Docker. Why?
After 3,000 DevOps professionals attended our webinar on "Continuous
Integration using Docker" discussing just one reference architecture example,
we recognized there was a strong interest in the community to learn more.
That's why we assem... (more)
Ed was demoralized. He had just heard a speaker who would change his life. He
knew he needed to change, and he knew what the end goal was. He just didn't
know how to get there. He needed fresh air. He needed endorphins. What better
way to do that than go on a 6-hour run through some of the seedier
neighborhoods of Vegas to the edge of the desert?
Ed Ruiz (@eruiz06) is the Senior Director of IT for the Association of
Schools and Programs of Public Health (ASPPH), and I heard him share lessons
learned from his conversion to DevOps during the marathon All Day DevOps
Conference (fre... (more)