Synopsis

In this episode we ask the big question of "Can security be a part of the 'build/deploy faster!' culture?"  We discuss the need to separate out high/low risk code, understanding how to deploy dormant components of the applications, proper testing strategies and branching/merging in a world where faster isn't just an ask, it's a need to stay competitive.

A huge thank you to all my guests for their time and expert insight.  The combined talent and experience of my 3 guests is something you should absolutely take a listen to, as these gentlemen really know what they're talking about - whether it's Information/Application Security, or DevOps ... this is a discussion that bridges both with expert precision.

Guests

• Nick Galbreath - Nick's Linked-In profile says he's been at 5 early to very early startups, all sold, IPO'd or huge - all dealing with massive scaling in load and large data sets.  FaceBook now owns a half-dozen of his patents on social graphs, and Google is using some of his code in Chrome!  On top of that, he's written a book on cryptography too... when he's not out building start-ups, Nick's speaking/teaching or hacking away at code to find better, bigger exploits and fixes.
• James Wickett - James is an innovative thought leader in the DevOps and Information Security communities, and has a passion for helping big companies work like start-ups to deliver products in the cloud.  He got his start in technology when he ran a web startup company as a student, and James is currently employed as a Senior DevOps Engineer working on launching cloud-based products for the Embedded Software division of Mentor Graphics.  James' bio is linked here.
• Olivier Saudan - Olivier is a software security analyst with 10 yeras experience in operations (including Information Security) and a significant development background.  He keeps his identity and employer a mystery due to the nature of his work, and the need for discretion.

Links:

• Recent podcast on DevOps with Gene Kim (part 1 [Episode 10], part 2 [Episode 20])
• Nick Galbreath's "Client9" - http://www.client9.com
• James Wickett's blog - http://blog.wickett.me

Synopsis

This episode was recorded in June '12, live from the show floor at HP Discover Las Vegas, 2012 and the talk of the town was once again DevOps.  Gene and I have had 2 prior conversations on the topic, but we're once again tackling the impact of DevOps on the IT and security relationship and overall business value.  We tip our hats to several people including Josh Corman (Rugged DevOps), David Mortman, James Wickett, Nick Galbreath and Mr. Daniel Blander for their prior contributions and supporting work on the topic.  Gene talks about some of the mechanisms we have available to us to bridge that IT Security-to-developer-to-operations gap that's holding us back from true business value.  Fun fact- studies have found that when you wake up a developer at 2am to solve an issue, problem resolution times plummet!

Enjoy the podcast, and go grab Gene's books when they're available... comments are welcome!

Guest

• Gene Kim - Gene is finishing up the third and fourth books, "When IT Fails: The Novel" and "The DevOps Cookbook," [highly recommended reads for any IT professional who aspires to high performance] scheduled to be published in August 2012. Both are the culmination of over 13 years of researching both high-performing and low-performing IT organizations, as well as benchmarking over 1500 IT organizations to help inform what behaviors simultaneously advance business and information security objectives.  LinkedIn profile, just in case you have never had the pleasure -http://realgenekim.me.

Links

• 
  Gene Kim's publisher website (mentioned in the podcast) - ITRevolution.com