DevOps.com

Where the world meets DevOps

DevSecOps: Don’t Invest In Hope

By Derek E. Weeks on March 23, 2018

A successful DevSecOps approach is rooted in action, not hope.

 
 

There is a lot of investment in hope.

 

I hope we won’t get breached.

 

I hope our DevOps teams aren’t deploying thousands of vulnerable containers.

 

I hope our developers aren’t downloading millions of vulnerable open source components.

 

I hope our developers and security teams will figure out how to work together.

 

I hope we won’t be fined under GDPR.

 

I hope the hackers don’t notice.

 

Yet, the fact remains that hope will not reduce breaches. Hope does not safeguard your containers or components. Hope cannot achieve collaboration. Hope won’t prevent a fine. Hope is not a strategy.

 

Many organizations are considering their approach to DevSecOps. They are moving beyond hope to strategy. They are choosing action over indifference. They are taking the first step of their journey.

 

Here are three ways to start your journey:

 

Picture This

 

We all learn from others. Here is a collection of 20 DevSecOps reference architectures. They reveal the choices and priorities others have made ahead of you. Look at what they did. Choose to do something similar, or create your own path from a mix of their ideas. If your canvas is blank, use these to draw something.

 

Watch This

 

The pioneers are the ones with the arrows in their backs. Another word for DevSecOps pioneers is practitioners. And many practitioners have navigated their journey successfully enough to share it. More than 15 practitioners shared the tale of their DevSecOps journey during All Day DevOps. Every session was recorded online. Every session is free. Start with this one from DJ Schleen at Aetna and then pick your next one.

 

Start There

 

In a panel discussion I sat on recently as a prelude to DevSecOps Days at this year’s RSA Conference, I heard some very practical advice (find the recording here). One of the other panelists, Stephanie Derdouri from Fannie Mae, advised our audience to start with one thing. Don’t pick a bunch of strategies and tactics. Just pick one painful, suboptimal or annoying practice tied to security and improve that element within your DevOps practice.

 

Pick only one. Start there.

 

Hope is not a strategy. Action is your only safe option. Take the first step.

  
 

Filed Under: Blogs, DevSecOps, Enterprise DevOps Tagged With: all day devops, devsecops, security, tools

© 2019 · MediaOps Inc. All rights reserved.
