This presentation delivers some concepts related to the gaps between operations and IT that exist. Addressing the various business needs for consistency and the possible real-world purposes of inconsistency is the premise of this slide deck.
AWS Community Day CPH - Three problems of Terraform
Bridging the Gap: Between Operations and IT
1. Bridging The Gap
Between Operations and IT
Seth Bromberger
Executive Vice President
Information Sharing and Government Outreach
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States
Department of Energy.
2. The Myth
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 2
Department of Energy.
3. The Reality
Differing (but not opposing)
+Time constraints
Pressure to compartmentaliz
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 3
Department of Energy.
4. Organizational Models
Reporting Relationship may impact
understanding
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 4
Department of Energy.
5. Impact of
Legacy Systems
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 5
Department of Energy.
6. What Works
-Common
understanding
-Shared priorities
-Commitment and
action
-Time
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 6
Department of Energy.
7. EnergySec’s Role
Non-profit
Independent
Trusted
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 7
Department of Energy.
8. NESCO Support
Find common “pain
points”
- TFE Working Group
- CIP Education
- Cyber Security training
programs
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 8
Department of Energy.
9. At its core,
the challenge is related to
TRUST,
not
TECHNOLOGY.
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 9
Department of Energy.
10. Drive to Consistency
“We can’t make any changes” “We need to patch NOW”
“We need the same access” “Unique passwords and accounts”
“Our vendor needs admin access” “Administrators are vetted”
Different operational postures = increased
cost always
Consistency not
feasible
Ability to manage inconsistency
= measure of organizational
maturity
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 10
Department of Energy.
11. Benefits of Inconsistency
-Heterogeneous environments are more
secure*
-Customizable, risk-based models
-Stakeholder inclusion = greater trust
-Adaptability, flexibility, and resiliency
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 11
Department of Energy.
12. NEXT WEEK:
Take a nerd to
lunch.
The National Electric Sector Cybersecurity Organization (NESCO) is partially funded by the United States 12
Department of Energy.