I’m always looking for books that cover a topic from a different angle or a broader approach, this one is the perfect example, indeed, security-focused but through the magnifier lens or under the influence/culture of Agile.
Working for a Software Development company I found this book a good match for my DevOps/System Engineer role and I put it on my wish list. Six months ago I purchased another book, but guess what happened?
Yes, that’s right! I’ve received this one instead. Coincidence or a sign of destiny? Well, maybe both. For sure this book is one of the best books that I’ve read in 2019, so far!
In my previous work experiences as a Developer, I looked and systems and software with a different perspective, I had the opportunity to work for years also as a system administrator as well and see both sides of the fence, but security processes and procedures were always in the background as dictating what and how we could interact and work together. In short developers and engineers were moving between fixed security boundaries or well-defined principles.
In the last 6-7 years that I’ve worked effectively with a DevOps mindset or in such a role, I realized that security overall was not affected much by using the latest technology or the flavour of the month, but it’s a moving target and affected mostly be people and subtle implementation details.
When I say people, I’m not talking about security risks caused by social engineering, but more about how people approach and trust the tool and processes as a “set-and-forget”, not realising that all changes in our systems will affect its resilience (confidentiality, integrity, availability).
This book is a must considering how up-to-date these contents are relevant today and with a huge number of references to products and projects to test and try to introduce to your work environment to make it better.
In a big company sure will be challenging but leveraging this book or a similar one can be more effective than a few proofs of concepts, in small and medium shops sticking with a slim implementation of some of these strategies will make your business as usual maybe less boring and who knows, maybe also will help to remove a bit of stress as well.
Agile Application Security
Enabling Security in a Continuous Delivery Pipeline
Publisher: O’Reilly Media
Release Date: September 2017
Pages: 378