BSidesSF 2016

Your operational tools deliver continuous monitoring and alerting—why doesn’t your security suite? No single path exists to a rugged DevOps approach that works for every organization, but certain key principles and techniques are used by the DevOps elite that give them distinct advantages. You can use these and revamp your organization’s processes and behaviors to gain efficiencies in your security operations. Security can no longer be thought of as being a separate step in a launch. Instead, security must be integrated into the overall processes of development and deployment. As organizations move more deeply into continuous patterns of development and deployment, the importance of implementing continuous security behaviors becomes non-negotiable. Attendees will learn strategies to better understand their value to an attacker, how to better define the battlefield for their own advantage, how to identify potential Rugged DevOps allies within the organization, why it is time to embrace continuous security cycles and automate security acceptance tests as part of the QA process, and the value of operationalizing security alerts and remediation efforts to achieve a more agile security posture.