james-wickett
James [email protected]
Austin, TX
Rugged Dev Podcast
Gauntlt Core Team
DevOps Days Austin Organizer
DevOps Days Global Organizer
My Journey
Clouding since 2008 and DevOpsing since 2010!
Led National Instruments R&D Cloud Ops team
IoT and Cloud products at Mentor Graphics
Working at Signal Sciences Corp
Conclusions
We optimize for the perceived probable
Agile, DevOps and Continuous Delivery practices have approached this problem in different ways
InfoSec is behind but has a chance to add value
Integrating into the build pipeline wins
Behavior Driven Development is a second-generation, outside–in, pull-based,
multiple-stakeholder, multiple-scale, high-automation, agile methodology. It
describes a cycle of interactions with well-defined outputs, resulting in the delivery of working, tested software that matters.
Dan North, 2009
Agile Infrastructure
@littleidea @patrickdebois at Velocity 2009
http://itrevolution.com/the-history-of-devops/
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
http://dev2ops.org/blog/2010/2/22/what-is-devops.html
“That the word #devops gets reduced to technology is a manifestation of how badly we need a cultural shift”
- @patrickdebois
http://www.slideshare.net/cm6051/london-devops-31-5-years-of-devops
http://puppetlabs.com/sites/default/files/2014-state-of-devops-report.pdf
the first scientific study of the relationship between organizational performance, IT performance and
DevOps practices
Firms with high-performing IT
organizations were twice as likely to exceed their
profitability, market share and productivity goals.
Organizational culture is one of the strongest predictors of both IT
performance and overall performance of
the organization.
Culture Influencers
Decrease time from development to release
Blameless post-mortems
Reward failure and have a high emphasis on testing
Unite different disciplines (like dev + ops) to solve problems
http://www.slideshare.net/wickett/the-devops-way-of-delivering-results-in-the-enterprise
Chef, Puppet, Ansible, CfEngine
Rundeck, Mcollective
Jenkins, Travis, Kitchen
Cucumber, Gauntlt, ServerSpec
Vagrant, Docker
A Sample of the Automation toolspace
New Way
Delivery of one change at a time reduces outages, increases performance,
and limits technical debt
“[risk assessment] introduces a dangerous fallacy: that
structured inadequacy is almost as good as adequacy and that underfunded security efforts
plus risk management are about as good as properly funded
security work”
I am rugged and, more importantly, my code is rugged.
I recognize that software has become a foundation of our modern world.
I recognize the awesome responsibility that comes with this
foundational role.
I recognize that my code will be used in ways I cannot anticipate, in ways it
was not designed, and for longer than it was ever intended.
I recognize that my code will be attacked by talented and persistent
adversaries who threaten our physical, economic and national security.
I recognize these things – and I choose to be rugged.
I am rugged because I refuse to be a source of vulnerability or weakness.
I am rugged because I assure my code will support its mission.
I am rugged because my code can face these challenges and persist in
spite of them.
I am rugged, not because it is easy, but because it is necessary and I
am up for the challenge.
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
https://speakerdeck.com/mkonda/appsecusa-2013-insecure-expectations
http://vimeo.com/75930344
Security Testing
Static Code Analysis
Dynamic Testing
Virus Scanning
Code Signing Checks
Business logic/flow testing
Gauntlt Philosophy
Gauntlt comes with pre-canned steps that hook security testing tools
Gauntlt does not install tools
Gauntlt can be part of the CI/CD pipeline
Be a good citizen of exit status and stdout/stderr
MIT Open Source License
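The conventions in the list above, sketched as a shell gate for a CI job. This is an added example, not Gauntlt code or anything from the slides; `fake_scanner`, the function names and the 0/1/127 exit codes are assumptions, and the scanner output is constructed sample data.

```sh
#!/bin/sh
# Exit codes are this example's own convention (an assumption):
#   0 = every check passed, 1 = a check failed, 127 = a required tool is missing.

# Constructed stand-in for a security tool so the example runs offline.
fake_scanner() {
    printf '%s\n' '22/tcp open ssh' '80/tcp open http'
}

# run_check LABEL EXPECTED TOOL [ARGS...]
# Runs TOOL and requires EXPECTED to appear in its output.
# Verdicts go to stdout for the build log; diagnostics go to stderr.
run_check() {
    chk_label=$1
    chk_expected=$2
    shift 2
    # Tools are a prerequisite: report a missing one, never install it.
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "gate: '$1' is not installed, cannot run $chk_label" >&2
        return 127
    fi
    # A tool that exits non-zero fails the check even if the text matches.
    if chk_out=$("$@" 2>&1 </dev/null) &&
        printf '%s\n' "$chk_out" | grep -qF -- "$chk_expected"; then
        echo "PASS $chk_label"
        return 0
    fi
    echo "FAIL $chk_label"
    echo "gate: $chk_label: tool failed or output lacked '$chk_expected'" >&2
    return 1
}

# run_gate: run every check even after a failure and return the worst status,
# so the CI job fails while the log still lists all verdicts.
run_gate() {
    worst=0
    while IFS='|' read -r label expected; do
        st=0
        run_check "$label" "$expected" fake_scanner || st=$?
        if [ "$st" -gt "$worst" ]; then worst=$st; fi
    done <<'EOF'
http-open|80/tcp open
https-open|443/tcp open
EOF
    return "$worst"
}
# As a pipeline step: run_gate; exit $?
```

With the constructed data the second check fails, so the gate returns 1 and the build stops while the log still shows both verdicts.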
more on gauntlt
• Google Group > https://groups.google.com/d/forum/gauntlt
• Wiki > https://github.com/gauntlt/gauntlt/wiki
• Twitter > @gauntlt
• IRC > #gauntlt on freenode
• Issue tracking > http://github.com/gauntlt/gauntlt
Free Gauntlt Book
request a copy
Caveat Emptor: Under
development!
Valid until Dec 3rd