Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Integrating security into DevOps

Ernest Kim (MITRE Corp.)
14:10–14:50 Thursday, 10 November, 2016
Tech, tools, and processes
Location: G103 Level: Beginner
Average rating: ***..
(3.00, 2 ratings)

Prerequisite knowledge

  • A basic knowledge of DevOps and security tools

What you'll learn

  • Understand why you should be integrating security tools into your DevOps tool kits to give developers and system administrators feedback quickly and earlier in the process


Ernest Kim shares how the MITRE Corporation, a US federally funded research and development center, integrated security tools into its DevOps chain to get continuous insight into the security posture of the various Linux distributions it uses and rapidly deploy fixes when needed.

Topics include:

  • A brief overview of the MITRE Corporation, the various stakeholders at MITRE in the hardening process, and the challenges that MITRE faces
  • The various tools MITRE uses (continuous integration/deployment, configuration management, source control, and security scanning)
  • A demo of the whole process in action
  • Next steps: Moving further up the stack into code analysis

Ernest Kim


Ernest Kim is a senior engineer at the MITRE Corporation, where his work has centered mostly around the exploration of frontier technologies and how they can be incorporated into the corporate environment. Ernie has led the team responsible for the corporate strategy on external cloud usage and MITRE’s collaborative development environment and has helped develop and deploy MITRE’s solution on social networking, identity management, and its internal cloud.