What does it take to build a security team in a DevOps environment? As an early adopter of DevOps, Etsy found that this task often involved a frustrating process of trial and error. This practical ebook from Zane Lackey, Etsy’s former security engineering director, shows you how to build and scale a security team based on lessons learned from that early DevOps experience.
Security challenges are much different today, particularly as companies make the jump to DevOps and the cloud. With DevOps, many more people have access to production code, while the release cycle has accelerated from every few months to several times a day. In response, attackers have shifted from the infrastructure to the application layer, and for many of them, the cost of these attacks is trivial. This ebook teaches you how to adapt your security team to the way your company develops and deploys production code in a DevOps environment.
* Understand basic DevOps techniques and learn how to provide secure access
* Learn the keys to building an effective security culture in your organization
* Use bug bounties and responsible disclosure programs to get the DevOps team on board with security
* Move from penetration testing to attack simulations to gain better feedback
A practical guide to helping to build a great security culture where security doesn't have the culture of "no". Zane's experience is great and it's nice to read a book that isn't hundreds of pages so he gets to the good stuff quickly. Worth the read for sure.