13 Continuous security

This chapter covers

  • Implementing continuous security in a three-year strategy
  • Improving the integration of security, development, and operations teams
  • Maintaining constant awareness of organizational-risk exposure
  • Improving security with communication and training

“Life is not easy for any of us. But what of that? We must have perseverance and above all confidence in ourselves. We must believe that we are gifted for something, and that this thing, at whatever cost, must be attained.”

—Marie Curie

We’re reaching the end of our journey into securing DevOps, and we’ve covered a lot of ground over the last 12 chapters. If you’ve read this book in one go, you’re probably overwhelmed by the amount of information, techniques, and knowledge we’ve covered. The field of security is vast, and you might easily get lost in the myriad areas a security engineer must cover to keep an organization safe.

13.1 Practice and repetition: 10,000 hours of security

13.2 Year 1: integrating security into DevOps

13.2.1 Don’t judge too early

13.2.2 Test everything and make dashboards

13.3 Year 2: preparing for the worst

13.3.1 Avoid duplicating infrastructure

13.3.2 Build versus buy

13.3.3 Getting breached

13.4 Year 3: driving the change

13.4.1 Revisit security priorities

13.4.2 Progressing iteratively