Keynote: Why Infosec Needs Rugged DevOps Now: A Fifteen Year Study Of High Performing IT Organizations, presented at OWASP AppSec California 2014

by Gene H. Kim

Summary: The velocity of modern IT is breathtaking: while most IT organizations struggle with monthly releases, agile organizations like Netflix, LinkedIn, Twitter, GitHub, Etsy and others are doing tens, hundreds, or even thousands of code deploys per day. They have shown the competitive advantage that the combination of commoditized cloud infrastructure, DevOps processes and hypothesis-driven development can create.
They are quickly releasing features that matter to customers, saving the business money, while helping the business win. This agility and cost savings delight the business. And with good reason, it can terrify information security and audit. If security was easily marginalized in a conventional IT organization, DevOps can completely bypass security.
DevOps aligns the former adversaries of Dev and Ops. Security needs to enable ludicrous speed or be left behind. Where security has failed, we believe Rugged DevOps can succeed, by integrating into DevOps, helping develop applications that are scalable, available, survivable, securable, and supportable.
In this talk, I’ll be presenting key findings of my 15 years of research of high performing IT organizations, and prescriptive patterns of how infosec can best integrate into the daily work of Dev and Ops.