DevOps Dudes
Published in

DevOps Dudes

Security is Everybody’s Job — Part 3 — What IS DevOps?

There are many definitions of DevOps

What IS DevOps?

Link to the previous post in this series.

There are many definitions of DevOps, too many, some might say. Some people say it’s “People, Processes, and Products”, and that sounds great, but I don’t know what I’m supposed to do with that. When I did waterfall I also had people, processes, and products, and that was not great. I thought DevOps was supposed to be a huge improvement?

I’ve heard other people say that it’s paying one person to do two jobs (Dev and Ops), which can’t be right… Can it? I’ve also been told once by a CEO that their product was “made out of DevOps”, as though it was a substance. I decided not to work there, but that’s another story. Let’s look at some better sources.

Wikipedia says:

DevOps is a set of practices that combines software development and information-technology operations which aims to shorten the systems development life cycle and provide continuous delivery with high software quality.

But what are the practices? Why are we aiming to shorten the SDLC? Are we making smaller software? ‘What is continuous delivery’?

I decided to read The DevOps Handbook. Then I knew what DevOps was, and I knew how to do it. And I discovered that I LOVED DevOps.

According to the DevOps Handbook, DevOps had three goals.

Improved deployment frequency; Shortened lead time between fixes;

Awesome! This means if a security bug is found it can be fixed extremely quickly. I like this.

Lower failure rate of new releases and faster recovery time;

Meaning better availability, which is a key security concern with any application (CIA). Lower failures mean things are available more often (the ‘A’ in CIA), and that’s definitely in the security wheelhouse. So far, so good.

Faster time to market; meaning the business gets what they want.

Sometimes we forget that the entire purpose of every security team is to enable the business to get the job done securely. And if we are doing DevSecOps, getting them products that are more secure, faster, is a win for everyone. Again, a big checkmark for security.

Great, so now I think the DevOps people want the same things I, as a security person, want. Excellent. How do I *DO* DevOps?

That is where The Three Ways of DevOps comes in.

  1. Emphasize the efficiency of the entire system, not just one part.
  2. Fast feedback loops.
  3. Continuous learning, risk-taking and experimentation (failing fast)

In the next post we will talk more in detail about The 3 Ways (and how security fits in perfectly).

For this and more, check out my book, Alice and Bob Learn Application Security and my online training academy, We Hack Purple!




A collection of stories that have anything and everything to do with DevOps from horror stories to success stories. If it's about Gitlab, Jenkins, Chef, Ansible, AWS, Azure, Kubernetes, Software Engineer then it belongs here.

Recommended from Medium

3.7 Dynamic: To Be or Not to Be?

Writing a Word Game in Elixir: Spelling Bee

QNAP TS-453BT3 Review — Is it better than the Drobo 5D3

Flutter vs. React Native: The Ultimate Comparison for Your Next Project

Python Operators Operators are used to perform operations on variables and values.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Tanya Janca’s Application Security Adventures #WeHackPurple

More from Medium

Error: building client: unable to obtain access token: running Azure CLI: exit status 1: ERROR…

Using Terraform to create a Dockerized Azure App Service

2nd vs 3rd Generation Data Warehouses

Recipe OSS: How to modify the object storage class? (Alibaba Cloud)