This is the overview and outline for a chapter in our upcoming book, "Epic Failures in DevSecOps". Each chapter is a unique voice, telling us a story about an epic failure that has been encountered as part of a personal DevOps/DevSecOps transformation.
Would you like to proofread a chapter and give us feedback? If so, look at the bottom right of this page and confirm you'd like to be a proofreader. (If you don't see the box, leave a comment.) This will put you on the "keep me up to date on the project" list, and we'll reach out when ready for your help. There are going to be eight chapters.Keep an eye out for the others. -- Mark Miller, Executive Editor
Twenty five years ago we, the network team and the information security teams (in their infancy) walked into the CEO’s and CFO’s offices and proudly stated “WE need a firewall to protect us” we started a chain of events that have led us to today’s rather messy situation. For those 25 years or more we have continued to walk into the leadership’s corner office and state that the next greatest thing will fix all the problems, secure all the things AND that the general reason we have to do this is because it’s the users fault, it’s the developers fault, the engineers fault, heck at one point I think I even blamed my grandmother for breaking security on the Internet.
For those years we continued to look at others as being to blame, we were special, we were the new warriors, the fighters of all things bad in the world and we were the only ones protecting the company against the perils of the modern era.
How wrong we were, how VERY wrong we still are. How much we have to learn, and more importantly how quickly we have to learn it.
Take a look back at some of the defining moments, the separations, the movement of the VC’s and the money game NOT the protect game. The fact we have become our own world….excluding others and why that has to change.
Fragmentation, led by money not protect, the illusion of red teams, the drivers and the funding, the marketing efforts and the simple fact we have to grow up AND we have to become PART of a company not the snowflakes we have put outselves out to be.
Talk about the DevSecOps movement and what needs to happen, why it IS happening and why we have to keep momentum going across this critical part of th industry.
Communication, metrics, playing together with everyone, shoulder to shoulder, I will fail, we will succeed, etc.
Some ways to change, some planning and some thoughts about HOW we will put what this book has to offer into practice. Change from within and no longer a “want” mentality
Talk about diversity too
Talk about why we need change and how it works
Talk about conflict management
This is not something that we can leave to others, we created the mess, we have to fix it with the help from the generations AND the others in the business…
Some final thoughts on what the future holds AND why this has to happen, technology of the edge of the cliff etc.
Talk AI and the decisions it will make FOR us unless we step in etc.
SOME OF THIS, cull it a little…Chris currently works at Lares, prior to that he's founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence.
Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against cyber attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. (Before that he managed to get various computers confiscated by a number of European entities.)
Roberts is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry.
Roberts is credentialed in many of the top IT and information security disciplines and as a CyberSecurity advocate and passionate industry voice, Roberts is regularly featured in national newspapers, television news, industry publications and several documentaries. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever’s taken his fancy…
As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences. CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, and numerous others have covered him in the media.
And worst case, to jog the memory, Chris was the researcher who gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air that allowed the exploitation of attacks against flight control system.
Want to be a proofreader for the book? Fill in your email address in the box on the right. (If you don't see the box, leave a comment). We'll get back to you within the next three weeks with a chapter for your review.