Security Is Everybody's Job (Part One)

This is the first in a many-part blog series on the topic of DevSecOps.

by Tanya Janca · Jun. 04, 20 · Tutorial

Throughout the series, we will discuss weaving security through DevOps in effective and efficient ways. We will also discuss the ideas that security is everybody's job, that it is everyone's duty to perform their jobs in the most secure way they know how, and that it is the security team's responsibility to enable everyone else in their organization to get their jobs done securely.

We will define DevOps, 'The Three Ways', AppSec, and DevSecOps. We will go deep on the many strategies for adjusting security activities to DevOps environments, while still reaching our goal of reliably creating and releasing secure software.

In summary, we will discuss how to make security a part of our daily work. It cannot be added later or after; it needs to be a part of everything.

But let's not get ahead of ourselves; I have many more posts planned where I will attempt to sway your opinion my way.

Tanya Janca, also known as SheHacksPurple, presenting her ideas in Sydney Australia, 2019. Artwork by the talented Ashley Willis.

The main articles in this series will be public and freely available, but the sub-articles and links may be behind the SheHacksPurple.dev paywall. If you find this series helpful, please consider supporting the author by paying the $7 subscription fee, the equivalent of a fancy latte.

Before we get too deep into anything I'd like to dispel some myths. Look at the image below. This is how *some* security professionals see DevOps. (Slide credit: Pete Cheslock)

This slide's author, Pete Cheslock, is highly intelligent and experienced; this mention is not meant to insult him in any way. The slide is social commentary; it is not literal. That said, many people I've met truly feel this way: that DevOps engineers are running around making security messes wherever they go, and that we (security professionals) are left to clean up the mess. I disagree with that opinion.

Luckily for me, my introduction to DevOps was at DevSecCon, where they introduced me to this image. Below you can see the security team teaching, providing tooling, and enabling the magical DevOps unicorns in doing their jobs, securely. This is how I view DevOps; the security team enabling everyone, working within the confines of the processes and systems that all the other teams use. 

This series will be loosely based on a conference talk which I have delivered at countless events, all over the planet, 'Security is Everybody's Job'. You can watch the video here.

In the next article, we will discuss what Application Security is and why it's a problem for our industry.

Published at DZone with permission of Tanya Janca. See the original article here.
