Taking the ops out of DevOps
Who is this presentation for?
- Infrastructure engineers, system architects, and infrastructure security engineers
In the past decade we’ve gone from managing individual machines with their own idiosyncrasies to thinking about machines as abstract resources. However, the way we manage them hasn’t changed that much—we still use management tools designed to manage machines in place and built from a conventional ops perspective, just at a larger scale. Your cloud management tools are built the same way. Taking the next step and thinking about your entire computational environment as code requires a fundamental mind-set change.
It’s time, Eleanor Saitta explains, to take the ops out of DevOps. This doesn’t mean the ops roles go away, though. Systems are still systems, but you can work more effectively once you’re not sitting around SSHing into them.
This isn’t just an efficiency issue, though. Eleanor believes this evolution is critical for building more secure large-scale systems. It matters directly because production configuration drift (as tools that manage state-in-place sometimes fail) leads to both vulnerabilities and tons of extra work for security operations teams. It also matters indirectly because in a fully programatic compute ecosystem gives you a whole new level of control over system behavior and attacker opportunities.
- A basic understanding of web infrastructure
- General knowledge of cloud hosting and continuous deployment (useful but not required)
What you'll learn
- Discover that transitioning to programmatic infrastructure is critical for improving system security and resilience
- Learn that configuration drift and the corresponding security and availability issues can and should be eliminated
- Understand why transitioning to a postops world means the job changes, not vanishes, and the work you're left with is more interesting and more useful
Systems Structure Ltd.
Eleanor Saitta is a practice lead at Systems Structure Ltd, a security architecture and strategy consultancy with media, finance, healthcare, infrastructure, and software clients across the US and Europe. She’s worked in security for 16 years, covering everything from core security engineering and architecture work for Fortune 50 software firms to cross-domain security for news organizations and NGOs targeted by nation states. She’s a cofounder and developer for Trike, an open source threat modeling methodology and tool that partially automates the art of security analysis, and has contributed to the Briar and Mailpile secure messaging projects. She’s also a regular speaker at industry conferences; past venues include the O’Reilly Velocity Conference, Kiwicon, ToorCon, CCC, Hack In The Box, and HOPE, among others. You can find her on twitter as @dymaxion and at https://dymaxion.org. SSL lives at https://structures.systems.
Premier Diamond Sponsor
For conference registration information and customer service
For more information on community discounts and trade opportunities with O’Reilly conferences
For information on exhibiting or sponsoring a conference
For media/analyst press inquires