As the practices and benefits of DevOps have spread over the years, we’ve seen a drastic improvement in the speed and efficiency organizations are able to gain in their development pipelines. This was achieved in large part by giving Development engineers and Operations engineers a common language to speak and goal to accomplish. Security reviews, however, still remain a bottleneck or are overlooked entirely, which leads to increased risk, especially as speed increases. As dev and ops teams scramble to remediate out-of-compliance assets, larger regulatory audits, such as for SOC2, HIPAA, and GDPR, steal even more engineering time that could be spent building features for customers.
By including Security and Compliance engineers in the DevOps discussion, organizations can shift security reviews to the left in their development pipeline. By codifying security and compliance regulations, teams can develop a common language and common goals to bring Security into the DevOps age. And by working together toward a common goal, engineers can increase the rate of innovation they’re shipping while simultaneously decreasing the rate of risk!
In this workshop, I’ll walk through using the Chef InSpec language to do this, but the concepts and practices are applicable regardless of the testing Language you’re using.
Location: Studio Movie Grill