
DevOps and BBQ: How Security Is Like Smoking Meat


Come for the DevSecOps, stay for the barbecue. Okay, you won't get any barbecue, but hopefully, you will learn a few things about security.


It isn’t everyone who thinks, “Doesn’t Ubuntu remind you of wild boar?”, labors over his pit of slow-roasted pork shoulder while contemplating containers, or dwells on e2e testing while mesquite smoke permeates spareribs.

But, Apollo Clark (@apolloclark) does. Apollo is a foodie of smoked meats (is that a meatie or smokie?) - working to master the craft - understanding different cuts, what each type of wood adds, and the subtleties of sauces. But, alas, it is a hobby - security and DevOps are his career.

Being passionate about both, he naturally sees parallels between the two, so Apollo presented at the 2016 All Day DevOps conference with a session entitled, What Smoking Meat Taught Me About DevOps and Security.

Understandably, you are asking yourself, “What does smoking meat have to do with DevOps and security?” Apollo notes both have tremendous complexity and nuances, there are multiple ways of getting the job done, lots of ways to mess it up, a couple of ways of doing it right, and you are always learning.


For both, there are many tools and processes to get the job done. For smoking, your wood is a critical component, along with time. Let’s look at some parallels:

  • Oak = unit testing.

  • Maple = coverage.

  • Apple = dynamic analysis.

  • Peach = static analysis.

  • Mesquite = e2e testing. People love it, but it is difficult to handle.

  • Wine barrel = browser support. This is when you are doing it really well.

  • Bourbon barrel = device support. Pretty complicated.

  • Smoking time = testing. You can test or smoke for 5 min or 5 hours, but there is a sweet spot. You can oversmoke meats and you can over test.

Getting hungry?


Meat is critical to a meal of smoked meat, but so are many other components. Likewise, software applications take a suite of other tools and components to deliver the full package. Get your taste buds ready, because Apollo likens all of the goodness that goes with smoked meats to tools you use to keep applications running:

  • Sauces = auto-scaling. They both can get pretty complicated. Always a little different, but you have to make it work for you.

  • Bread = monitoring, which is the bread and butter of infrastructure. Make sure you have it up and down your stack.

  • Salad = system logs. Not the sexiest things, but you can rely on them.

  • Fruit = custom application logs. It takes a lot of time to pair them, but it takes a really good thing and makes it better.

  • Beer = firewall. You should always have both.

  • Wine = Intrusion detection systems. These are your fine wines.

  • Whiskey = IR training. It takes time and there are so many ways of doing it. When things break, we have procedures on how to deal with them.

When smoking meats and in DevOps and security, Apollo asks and answers, "Do we have to do everything?" No, but the more we do, the better it will taste.

"Does it cost money and take time? Yes, but you can do great things even without money and time. You can use cheap meats and you can use open source. Start simple, build up complexity, and always be learning." Constantly ask yourself, "Am I better today than I was yesterday?" If not, be better.

You can watch Apollo’s entire talk online here. If you missed any of the other 30-minute long presentations from All Day DevOps, they are easy to find and available free-of-charge here. Finally, be sure to register you and the rest of your team for the 2017 All Day DevOps conference here. This year’s event will offer 96 practitioner-led sessions (no vendor pitches allowed). It’s all free and online on October 24th.
