The DevSecOps Equilibrium

Bring the different departments in your DevOps process into balance by encouraging mutually beneficial and trusting relationships.

by Derek Weeks · May. 27, 19 · Opinion

Can you feel the tension in your organization between security, operations, and development? Does each side try to outmaneuver the other? Do they not talk for fear of conflict or being halted in their tracks? You know something needs to be done, but what do you do? The answer is simple — everyone needs to be more like pitcher plants. Stay with me here.

Chris Corriere is a fascinating guy to talk to, whether it's over a bowl of ramen or between sessions at a DevOps Days conference. He is one of those guys who searches for the deeper meaning of work, relationships, and behaviors. In every conversation, you'll learn something.

It's why we're revisiting his talk from the 2017 All Day DevOps — there is still a lot to learn from him. In that discussion, Chris Corriere (@cacorriere) talks about the Nash equilibrium in relation to security and DevOps environments, shows how nature adapts to similar situations, and presents how we can pull security into a trust relationship, forming DevSecOps.

Every game has a dilemma. Chris explains, "The Sec in DevSecOps means the security folks are explicitly invited to the table. The dilemma is the fact that the invitation isn't implied."

In game theory, this fits into the Nash equilibrium — what is commonly illustrated as the Prisoner's Dilemma. You know the setup: two prisoners (A and B) are offered deals to testify against the other, but the deal goes away if prisoner A implicates B and vice versa. If neither A nor B takes the deal, however, their sentences will be shorter than if they are both implicated. But A and B can't talk to each other before deciding.

Chris contends the better illustration is the Stag Hunt. The hunters can work together and potentially get a stag to share for food, but say one sees a rabbit on the hunt first. They could kill the rabbit and have some guaranteed food, but it would be a much smaller amount and could leave their partner high and dry. Cooperate or compete? Oh, the dilemma!


Chris then presents what he coined the Trinary Nash Equilibria — that each relationship in nature can devolve into: commensalism, where one organism benefits but the other neither benefits nor is harmed; amensalism, where one organism is inhibited or destroyed while the other is unaffected; or parasitism, where one benefits at the expense of the other. None of these is beneficial for both organisms.

What we want to strive for in our organization is symbiotism, a cooperative relationship with high trust, that is beneficial to both parties.

This is seen throughout nature. One example Chris gave comes from low-light, crowded swamps where plants compete for sunlight and nutrients. A species of pitcher plant is shaped so that bats can easily find it with their echolocation cries. The bats roost on the plants, relatively parasite-free, and the plant eats their poop. While admittedly gross for you and me, it is a win-win for the bat and the plant.

The DevSecOps lesson for the day: become the pitcher plant — adapt and offer value to unlikely partners.

Of course, human relationships are more complex than pitcher plants and bats. Chris talks for a bit about the Cynefin sense-making framework by Dave Snowden.


As Chris talked about jungles, ecosystems, and nature, he walked through the value of diversity in nature, making the point that diversity reduces risk, whether in nature or in organizations. Monocultures don't survive. In DevSecOps, diversity is more than just combining development, security, and operations. It is about different skill sets, backgrounds, thoughts, beliefs. They combine to make our organizations stronger.

In the end, Chris left us with three takeaways:

  • Augment humans with tech instead of replacing them.
  • Spend time together. Communicate. Build trust. [Hint: this is the most important one]
  • Work in diverse teams with mutual goals.

If you happen to be at the same DevOps conference as Chris, seek him out. He has some more interesting illustrations from nature and math to help us better understand and improve our organizations, such as Wardley value chain mapping, replacing Maslow's hierarchy of needs, and Inclusive Collaboration.


Published at DZone with permission of Derek Weeks, DZone MVB. See the original article here.
