Tag Archives: InfoSec WOrld

Security DevOps (SecDevOps)

At InfoSec World a few weeks ago, I was in a talk with Rich Mogull (@rmogull) of Securosis. Rich spoke on the concept of SecDevOps while demonstrating how he applies this concept to workloads running within Amazon. Now, some would argue that DevOps already contains security practices within the workflows. The unfortunate reality is that, in many cases, security is overlooked in the rush to get product out the door. So, how does SecDevOps differ from DevOps? Not a lot, except that it has a higher degree of security focus. The goal of SecDevOps is not to change the developers, but to get the security team involved as a part of development at carefully planned locations within the DevOps workflow.  Continue reading Security DevOps (SecDevOps)

Virtualization and Cloud Conferences for the Year

It is often very hard to plan which virtualization and cloud conferences to attend and why. You may need to start your planning now as justification from work could be hard to come by. It may mean you make the decision to go on your own dime. If you do the later, there are some alternative mechanisms that could work for the bigger conferences. The conferences and events I attend every year depend on my status with the organization hosting those events, and whether or not I can get a ‘deal’ as a speaker, analyst, or blogger. So what conferences do I find worth attending? That will also depend on your job role. There is one I would attend regardless of role, and a few I would attend as a Virtualization and Cloud Security person. All are good conferences. So here is my list: Continue reading Virtualization and Cloud Conferences for the Year