5. @petecheslock
Companies are Choosing Speed Over Security
52% of Companies Admit to Sacrificing Security for Speed
64% of Sales professionals say they have had a deal slowed down by insufficient security
21.
The Bad Old Days
Software
Devs would rarely even have access to production systems…
…which means Ops would have to take the code and install it based on Dev’s instructions
22. @petecheslock
The Bad Old Days
Infrastructure
Lead time for new servers would be measured in weeks (best) or months (worst)
Code could be ready before servers were available.
Long feedback loops in running code on actual hardware, wasted time and money.
31. @petecheslock
This is a Story in Three Acts
ACT ONE
Optimize for ease of software deployment.
ACT TWO
Metrics are a first class citizen.
ACT THREE
Ownership and Accountability.
32. @petecheslock
Software Deployment
Simplify the act of getting new software to Customers.
Iterate and improve upon that process.
Leverage tools like Canary Deployments and Dark Shipping
Ship the code when it’s “Ready”
36. @petecheslock
What even IS ready?
Ready means…
Reviewed by other engineers
Passed a series of unit, integration, and functional tests
Reviewed to ensure that it meets other business or security requirements
40. @petecheslock
What About Metrics?
“If you want metrics for your apps - send your data here”
Ops’ responsibility is to build the systems and make them easy to use
Dev’s responsibility is to instrument their application to understand perf
45. @petecheslock
Ownership & Accountability
Operations owns the infrastructure
We own the overall health of the infrastructure.
Ensure we are making the right choices for Scalability, Availability, and Cost.
We build the tools that enable teams to deploy, manage, and update their applications.
46. @petecheslock
Ownership & Accountability
Development owns their applications
They are on-call and get paged when their application runs into problems
They manage the life of the service from idea to deployment and scaling.
50. @petecheslock
How we do DevOps
Devs need to trust Ops to discuss infrastructure changes.
Ops needs to trust dev to involve them on feature discussions
59.
How to Integrate SecOps?
Similar to integrating Dev and Ops teams.
Adding Security into the mix - leverage your shared tools and processes.
Threat Stack uses Threat Stack to protect Threat Stack.
61. @petecheslock
“Abrasive individuals will single-handed do more to undermine the security brand and culture at your company than anything else.”
- Rich Smith (Etsy)
https://speakerdeck.com/iodboi/crafting-an-effective-security-organisation-kiwicon-8