I’ve been on a kick recently about how DevOps, security, audit, and compliance all fit together. Spoiler alert: they all do fit together. In fact, we’re better off individually and collectively when we bring security, audit, and compliance into the DevOps tent and treat them like we would any other function that has valuable expertise to contribute to help our organizations win. We’d all benefit from what we can learn from each other.
I delivered a talk on September 13, 2017 to the local section of the Automated Software Quality organization on how to bring audit, security, and compliance into the DevOps movement. I provided a lot of resources at the end of the talk. Here they are with a description of each.
I wrote for XebiaLabs on leading a DevOps transformation within your organization. It’s based on a white paper I co-authored with a bunch of really amazing people at Gene Kim’s DevOps Enterprise Forum in 2016. The post covers five simple (but not easy) tips for making progress on adoption of DevOps patterns and practices within your organization. The tips include understanding other people’s goals and the problems they face, identifying a target mindset, and then developing and executing a plan with the most effective tactics.
In retrospect, I’ve been writing a lot for other blogs and less so for myself. Whatever gets the word out and advances the cause, right?
The 2017 State of DevOps Reportis out. As in previous years, it provides a lot of information about the state of DevOps within the industry and some of the important factors that differentiate high-performing organizations from their non-high-performing peers. I noted a few highlights from this year’s report: the impact of leadership, the continued misconception about the perceived tradeoff between throughput and stability, and autonomy with teams and architectures.
A few years ago, I went through some executive coaching individually and as a group. In one of the individual sessions, the coach and I were talking about my team and the meetings I had with them. The coach asked me how I wanted someone on my team to feel after meeting with me. I had to think about it because I had never been asked that question before. And yet, it was an incredibly important answer to have. After a minute or two, I came up with the following answer.
I’ve heard a lot of questions about DevOps, audit, compliance, and how they all fit together. I’ve fielded more questions from more people recently. In my mind, that means more people are applying DevOps patterns and practices to their work and the work they’re doing is real (as opposed to sandbox, pilot, or “let’s try this stuff out” projects). Why else would they be interested in audit and compliance?
Here are some resources that might be helpful if you’re “doing the DevOps” and interested in making audit and compliance efforts go more smoothly.