DevOps and Audit and Security and Compliance Presentation Resources

I delivered a talk on September 13, 2017 to the local section of the Automated Software Quality organization on how to bring audit, security, and compliance into the DevOps movement. I provided a lot of resources at the end of the talk. Here they are with a description of each.

  1. My slides. They’re picture-heavy, but the slide titles should help you figure out what the point is.
  2. The abstract and photo account. See the blow-by-blow with captions. Riveting, if I do say so myself.
  3. A previous post about DevOps and audit resources. This covers a handful of the audit-specific resources from my talk. Pay particular attention to the DevOps Audit Defense Toolkit.
  4. The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win. I can’t recommend this book highly enough for many reasons. On the audit, security, and compliance side, you can “follow the transformation of John Pesche, the black-binder-wielding Chief Information Security Officer whose constant meddling under the guise of improving security has turned him into a pariah,” as Jez Humble’s book review puts it.
  5. The Rugged Manifesto. This comes from the Rugged Software movement, aimed at creating software development organizations that “have a culture of rapidly evolving their ability to create available, survivable, defensible, secure, and resilient software.”
  6. Mark Schwartz’s “How DevOps Can Fix Federal Government” talk at the 2014 DevOps Enterprise Summit. Mark Schwartz is the former CIO at the U.S. Citizenship and Immigration Services and did some amazing things with Agile and DevOps to improve the way the Federal Government does IT. All of the talks from DOES 2014 were great, but this one was unique in that it showed even the Federal Government can go through a DevOps transformation — even in a highly regulated environment.
  7. DevOps Enterprise Summit. This is an amazing event showcasing enterprise-scale success with DevOps. There is lots of coverage of change management issues in general, and audit, security, and compliance specifically.

P.S. Cool geek discovery: the local section of ASQ was founded by W. Edwards Deming in the early 80’s.
