DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • Calendar View
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • Calendar View
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • CI/CD
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Sustainability
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Chronosphere Adds Professional Services to Jumpstart Observability
  • Friend or Foe? ChatGPT's Impact on Open Source Software
  • VMware Streamlines IT Management via Cloud Foundation Update
  • Revolutionizing the Nine Pillars of DevOps With AI-Engineered Tools
  • No, Dev Jobs Aren’t Dead: AI Means ‘Everyone’s a Programmer’? ¦ Interesting Intel VPUs

Home » Latest News Releases » New Context Pioneers Concept of Lean Security with Book Debut

New Context Pioneers Concept of Lean Security with Book Debut

Avatar photoBy: Miles Blatstein on February 17, 2016 Leave a Comment

SAN FRANCISCO–(Business Wire)–New Context Services, Inc., the leading provider of Lean Security for software and infrastructure development, today announced the forthcoming publication of the book “Lean Security” by New Context CEO, Daniel Riedel, and New Context vice president of security services, Andrew Storms.

Recent Posts By Miles Blatstein
  • New Alluxio Release Accelerates Cloud Deployments for Analytics and Machine Learning
  • New Survey Identifies Major Gaps in Fast Data Use Despite Large Corporate Investments
  • Quali CloudShell 7.0 Helps Businesses Deliver Applications Faster with Public, Private, and Hybrid Cloud Support and Powerful Sandboxing Features
Avatar photo More from Miles Blatstein
Related Posts
  • New Context Pioneers Concept of Lean Security with Book Debut
  • Empowering Developers Through Lean Code
  • Code Security: SAST, Shift-Left, DevSecOps and Beyond
    Related Categories
  • Latest News Releases
    Related Topics
  • devops
  • lean security
  • new context services
Show more
Show less

Lean Security applies the “lean” management concept to the world of cybersecurity. New Context has now implemented Lean Security practices and processes with its clients in the United States and abroad, and its experiences with these implementations inform the book’s subject matter and takeaways.

“The ‘lean’ concept has proved incredibly effective for organizations from manufacturing facilities to startups,” said Riedel. “When these principles are harnessed for security, the result is a cohesive environment that ensures continued innovation within a secure framework. Considering that cyberattacks will never cease to exist, this is the only viable model for the future.”

Storms added: “It’s been a long-standing misconception that it is nearly impossible for a company’s software development team to meet the trifecta of being able to push code to production faster, develop more secure code and still reduce costs within the software development lifecycle. Our Lean Security practices buck that notion and are proving to be an effective model for our clients to meet their strategic goals.”

The book is co-authored by longtime security journalist Ericka Chickowski and will be published later this year. Available via www.leansecurity.com, it will explore the five principles of Lean Security, which include:

  • Environmental Awareness: In order to adopt Lean Security principles, everyone – from engineers to architects, line-of-business managers to the C-suite – must keep IT security considerations in mind throughout the entire development lifecycle.
  • Automate or Die: Just as with DevOps, automation is the keystone to Lean Security. In order to establish a continuous delivery pipeline, organizations must develop an entire automated tool chain to push bite-sized pieces of code to production through automated integration, test and deployment. Automated security testing and approval processes must be built into this tool chain to achieve Lean Security.
  • Measure Everything: Feedback is crucial for developing quality applications and eliminating waste from the engineering process. As a result, developers, security teams and operations personnel need to be able to measure application and related infrastructure performance on a continuous basis in order to constantly improve the application accordingly.
  • Simplify Engineering: Complexity is the enemy in development. It makes code messier, more expensive and less secure. The goal of Lean Security is to simplify engineering through more savvy use of third-party components and less frequent reinvention of the wheel.
  • Lean Security Is Not Invisible Security: Security should never be opaque to the user. Users are increasingly aware of security risks today, and it is incumbent upon engineers to show them that security measures are baked into their software.

“If we shift software engineers’ thinking to focus on building security deep into their developmental practices, then we stand a better chance of maintaining operational resiliency when we run,” said Craig Rosen, CSO of FireEye. “I’m excited about Lean Security because it is a model that creates a sustainable environment where engineers, product and finance people can cultivate innovation together amid an increasingly turbulent and dangerous threat landscape.”

Doug Rhoades, director of information security at Sempra Energy, added: “As someone who understands how Andrew and Daniel work and build infrastructure, I’m excited to see them push Lean Security against the current status quo. Cybersecurity is one of the biggest challenges facing critical infrastructure, and it’s key that everyone involved in the development process is included and that it is automated into the business infrastructure. Lean Security does both.”

New Context currently provides Lean Security consulting and services to financial services, energy, infrastructure protection and healthcare organizations. Its partners include thrv, Apigee and Delphix, among others.

About New Context

New Context delivers Lean Security™ through hands-on technical and management consulting. We are a team of experts with extensive backgrounds in information security and scalable, secure application development. Our tools and processes streamline development frameworks to ensure transparent and secure IT software development within DevOps processes. New Context is headquartered in San Francisco.

Web | http://www.newcontext.com/
Twitter | @newcontext
LinkedIn | New Context

View source version on businesswire.com:http://www.businesswire.com/news/home/20160216006671/en/

for New Context
Brenda Patterson, 440-623-9581
[email protected]

Filed Under: Latest News Releases Tagged With: devops, lean security, new context services

« Shouldn’t DBAs Be Part of the DevOps Inner Circle?
Live Blogging Container World »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Securing Your Software Supply Chain with JFrog and AWS
Tuesday, June 6, 2023 - 1:00 pm EDT
Maximize IT Operations Observability with IBM i Within Splunk
Wednesday, June 7, 2023 - 1:00 pm EDT
Secure Your Container Workloads in Build-Time with Snyk and AWS
Wednesday, June 7, 2023 - 3:00 pm EDT

GET THE TOP STORIES OF THE WEEK

Sponsored Content

PlatformCon 2023: This Year’s Hottest Platform Engineering Event

May 30, 2023 | Karolina Junčytė

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Latest from DevOps.com

Chronosphere Adds Professional Services to Jumpstart Observability
June 2, 2023 | Mike Vizard
Friend or Foe? ChatGPT’s Impact on Open Source Software
June 2, 2023 | Javier Perez
VMware Streamlines IT Management via Cloud Foundation Update
June 2, 2023 | Mike Vizard
Revolutionizing the Nine Pillars of DevOps With AI-Engineered Tools
June 2, 2023 | Marc Hornbeek
No, Dev Jobs Aren’t Dead: AI Means ‘Everyone’s a Programmer’? ¦ Interesting Intel VPUs
June 1, 2023 | Richi Jennings

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

Most Read on DevOps.com

What Is a Cloud Operations Engineer?
May 30, 2023 | Gilad David Maayan
No, Dev Jobs Aren’t Dead: AI Means ‘Everyone’s a Programmer’? ¦ Interesting Intel VPUs
June 1, 2023 | Richi Jennings
Forget Change, Embrace Stability
May 31, 2023 | Don Macvittie
Five Great DevOps Job Opportunities
May 30, 2023 | Mike Vizard
Checkmarx Brings Generative AI to SAST and IaC Security Tools
May 31, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.