Why Does Security Matter For DevOps?

If you had $10,000, would you rather build a deck for your home or a fence?

This is a question that Caroline Wong (@CarolineWMWong) asks people when they are questioning why organizations invest in security. It also reveals why security matters for DevOps.


For instance, when someone chooses a fence over a deck, there is probably something in their home they want to protect – something physically valuable, or emotionally valuable, such as privacy from a nosy neighbor. If they choose the deck, chances are they prioritize improving their product (their home) because they don’t have a pressing need to protect it.

Caroline is a Chief Security Strategist at She got her start in security with eBay and Zynga (you know, the company that created FarmVille). At a previous All Day DevOps conference, she presented on why security matters for DevOps.

What Drives the Need for Security?

She likes to ask people what drives the need for security at their organizations. It seems like a straightforward question, but the answers aren’t always straightforward. Sometimes an answer can be found by looking at the organization’s first security hire and what they were brought in to do.

For example, when she joined eBay, security was brought in for compliance. Then their new CISO noticed they were focused on compliance, but they had a more important driver – application security. After all, they were enabling strangers to transact over the Internet, opening up their application to bad actors.

At Zynga, there were security incidents as they were getting ready for an IPO. FarmVille grew to 80 million active users, and they used AWS for elastic capacity. They had to trust their vendor, AWS, to be secure.

Before digging into why security matters to DevOps, Caroline touched on why (Read more...)

This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Derek Weeks.