Ell and Wes sit down with Karthik Gaekwad to sort through the buzzword bingo and explain what DevSecOps is, what it isn’t, and why security should be part of the full lifecycle of your apps.
- DevSecOps Days is coming to Austin, Texas. — Join us for the first ever DevSecOps Days Austin, Texas. Meet fellow practitioners integrating security into their DevOps practices. Learn about their journeys, share ideas on integrating security into your teams, and trade insights on automating security within the entire developer and production pipeline. Come learn how to put the "Sec" into DevSecOps.
- How DevOps and security teams can get along better — One of the biggest issues for IT security teams is getting involved early enough in the development process. For many, security is something that gets applied once the applications have been built and are moving into production. However, this is an old fashioned approach that is held over from the days when development took place in waterfall phases and applications were held behind strong perimeter security implementations.
- What is DevSecOps? — DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps.
- Security’s Shift Right — Once you give up on the idea of teaching developers to not write bugs, you are freer to think of approaches to help them. One of the best approaches is to provide rapid feedback to developers. In the land of application performance, we found that running APM tools in production was a way to help developers find places to optimize their code. This created a feedback loop from production (the right) to development (the left).
- Karthik on Twitter — I live in Austin, work with @golang, k8s & containers at Oracle; @lynda author; organize @devopsdays, @container_days and @cloud_austin. Views are my own.