Juan Pablo Ramirez
Secure Devops Tactics

So security, if we could agree, is a catch-up game.

I have more than 15 years of security experience, and every single time I have felt that I was running behind: behind developers, business goals, release times, policy, and many, many more reasons.

Trying to reason about a deadline or QA, threat modeling constantly, and getting into the CI/CD in the development environment is always a struggle.

You have a backlog the size of Iguazu Falls and can barely catch up, and, let's face it, developers are extremely clever at back-channeling to get the feature requests from an ever-hungrier business development through faster.

And security can wait, right? After all, nothing can really happen in a few days or hours, and we can always add more firewalls and so on.

But that's never the case, as we struggle to automate tests, incorporate more checklists and be in every meeting, every decision. One thing is obvious: we are an intrinsic part of development, and we should become the extra-step friend who makes it easier and tells everybody to wear a coat because it is cold, or take an umbrella because it might rain... without being paranoid or a pain.

For that reason I started a small repo on GitHub and a weekly meetup to tell stories and share advice, small recipes and little pieces of code that can go a long way in SecDevOps, helping fellow Security Engineers and Architects to evangelize caution.

Security should be about protection, oversight, recommendations and thoughtful watch. We are here to help, not to be an inconvenience or a barrier to business.
