About Gene Kim

I'm the multiple award-winning CTO, Tripwire founder, Visible Ops co-author, IT Ops/Security Researcher, Theory of Constraints Jonah, a certified IS auditor and a rabid UX fan.

I am passionate about IT operations, security and compliance, and how IT organizations successfully transform from "good to great."

Thursday, Jan 26, 2012

Talk Notes: The Infosec Perspective of DevOps: James Wickett: LASCON 2011

LASCON 2011: October 27, 2011

James Wickett and his ex-boss @ernestmueller are both a very special breed of people. James is well-known for his experience as an information security practitioner and his leadership in the OWASP community (he is the conference chair for the upcoming 2012 OWASP USA conference). But what makes him so interesting to me is that he is a boundary spanner. Beyond just infosec, he has experience doing IT Operations, as well as Development and DevOps practices.

(Incidentally, I believe his presentation on "The Rugged Way in the Cloud--Building Reliability and Security into Software" is one of the seminal works on how information security integrates into DevOps-style practices. It is shown below, even though that isn't the topic of this talk note:)

At LASCON, he presented with Peco Karayanev on the PIE tool they built to integrate security practices into daily development and IT operations work. It will look very similar to a DevOps presentation, but hints at how organizations can integrate and deliver the non-functional requirements from the Rugged Computing initiative (e.g., scalable, available, survivable, securable, supportable, etc.).

Here's how they describe PIE, which is a tool they developed at National Instruments to support developing applications that are served up in the cloud:

PIE (Programmable Infrastructure Environment) is the open source cloud system management project released in the fall of 2011 that has changed how engineers build systems and manage security in the cloud. In DevOps fashion, PIE is focused on coding infrastructure that blends the lines between applications and servers.

The PIE project began when we built our very large scale cloud-based products and we focused on building a rugged, highly available system that would run resiliently in the face of failures. We knew we had to treat our "Infrastructure as Code" and from that theory PIE was born. Along the way we have learned how hard that can be. Come hear how to use PIE to shape your cloud deployment and secure your infrastructure.

This presentation will feature the main developer of PIE, Peco Karayanev, who will give insight into how to transform your infrastructure using PIE.

Incidentally, Josh Corman and I are presenting an extension of these concepts and prescriptive steps at RSA 2012 in a presentation called "Security is Dead. Long Live Rugged DevOps: IT at Ludicrous Speed."

Okay, here are the notes/tweets from James' presentation:

  • @wickett/Karayanev: @wickett/@ernestmueller r amazing boundary spanner between Infosec, IT ops and Dev: always awesome insights
  • "Biggest surprise: how easily in PIE we had assurance that we knew about all deployment and changes, DevOps style"
  • "What do we like about PIE? Collab system design/development; automated building/provisioning/controlling cloud"
  • "From source to running system in minutes; for Azure, 1h; all infrastructure as code (#puppet/#chef)"
  • "We use PIE for cloud provisioning, creating new env, backups, logging, testing, release, revision ctrl, etc."
  • "The most diff part of defining architecture is the arrows: the dependencies. architects not used to rigor up front" info on PIE for @mortman: http://t.co/sRqSYzQs
  • "We wanted to abstract all cloud providers for PIE, just in case Rackspace came to us w/sweet deal."
  • "Never again will dev give ops something to deploy, who then need to ask for firewall port open" (Haha)
  • "All security testing being run by Dev, not Ops or Infosec. Noticing vulns/defects fixed faster" #devops
  • "We use Campfire extensively to keep entire global team sync'ed." #rugged #devops

Also, they are looking for people to use PIE, and other people who want to contribute to its development. (Contact @ernestmueller or @wickett for more info!)
