- Security people should know how hard DevOps is
- Proof-of-concept for DevSecOps tools
- All the tools are free
  - But... make sure the licensing is appropriate to your use case
    - e.g. "community" editions of commercial software
- Geek cred (?)
- As security professionals, we should strive to meet developers where they work
- I like to stretch out beyond the page
- PowerPoint causes brain warts
Feedback from last year's talk showed a need for good nuts-and-bolts tutorials.
How I did it:
- VirtualBox (though any virtual or container solution is fine)
- A minimalist virtual machine running Linux (I'm using Lubuntu, but any flavor should work):
  - 4 GB RAM
  - 1 CPU
  - 64 MB video RAM
  - 40 GB virtual storage
I made some choices for working on this demo:
- Virtualization: to better control the hardware involved
- Native installation: to see just how difficult this could get (and containers can present their own integration and configuration difficulties)
- Locally installed solutions: still leery about sending source code to the cloud
- Linux: it's the best operating system an IT mechanic can get (and you can't beat the price)
- Open-source software: to show what's possible at zero cost and maximum transparency
- Up-to-date: use the latest LTS version of software to avoid frequent feature-update headaches
But we should never be too tied to our weapons of choice.