It doesn’t seem so long ago that it was actually difficult to find enterprises and experts who could speak – from experience – about having successfully managed security in a DevOps environment. Sure, they existed, but they were primarily the so-called “unicorns”: web-based enterprises that had little legacy infrastructure in place that also needed to be secured. These were enterprises such as Netflix, Etsy, Google, Amazon, and others for whom the cloud and virtualization management and DevOps practices are as natural as water.

Fortunately, we’ve now experienced a year in which stories about traditional enterprises having successfully made the DevOps leap are commonplace, from Macy’s, Target, and others at the DevOps Enterprise Summit to Nationwide and many others at IBM InterConnect.

Like those conferences, this year’s annual RSA Conference (the information security industry’s biggest show), and some of the nearby satellite events this week, will have many sessions relating to DevOps and security. Our own DevOps Connect: SecOps Edition, being held Monday at the Moscone Center, is a daylong event highlighting the intersection of DevOps and information security.

At DevOps Connect: SecOps Edition there are a number of must-see sessions for me, including David Mortman’s DevOps Myths Versus Real World Realities, Julie Tsai’s Windfall Wins: DevOps Empowers Agile Security and Compliance, and Jez Humble on Continuous Delivery.

Also, there are many DevOps and security sessions throughout the week in application security-related tracks. There will be a lot of interesting news and developments coming from those sessions.

For those interested in learning more about DevOps and security, here are some that look very worthwhile:

Continuous Security: 5 Ways DevOps Improves Security

Joshua Corman, Chief Technical Officer, Sonatype and David Mortman, Chief Security Architect, Dell

DevOps is upon you and no longer just the province of start-ups. Josh and David will discuss how things have changed and five ways security gets better as a result of other teams doing DevOps.

Enterprise Cloud Security via DevSecOps

Scott Kennedy, Chief Security Scientist, Intuit; Shannon Lietz, Sr. Manager, DevSecOps, Intuit

Securing innovation at scale in a cloud environment can be quite challenging. The goal of our talk is to share the lessons we learned about operating under the DevSecOps model.

How to Avoid the Top 10 Software Security Flaws

Gary McGraw, Chief Technical Officer, Cigital

DevOps and automation tools are changing both the breadth and speed at which risk propagates. This session will cover both how to monitor and respond to them without alienating your DevOps team.

Is DevOps Breaking Your Company?

Elizabeth Lawler, Chief Executive Officer / Founder, Conjur, Inc.

DevOps and automation tools are changing both the breadth and speed at which risk propagates. This session will cover both how to monitor and respond to them without alienating your DevOps team.

Containers vs. VMs for Secure Cloud Applications

App developers and PaaS platforms are adopting containers to simplify app packaging, deployment and orchestration. But there has been no pause for thought about security and compliance.

Participants:

Simon Crosby – Chief Technical Officer, Bromium Inc

Christofer Hoff – Vice President and Security Chief Technology Officer, Juniper Networks

Mark Russinovich – Chief Technology Officer, Azure, Microsoft

Scott Johnston – Senior Vice President Product, Docker

How Security Can Be the Next Force Multiplier in DevOps

Andrew Storms, Vice President, Security Services, New Context

DevOps is the hottest moving target when it comes to software development methodologies. Many people fear that this fast-paced, barrier-breaking movement will leave information security best practices.

After the week is over, many more security professionals in the industry should have a stronger grip on how to incorporate security into DevOps practices and improve enterprise IT outcomes while reducing risk.