I’m always looking for books that cover a topic with a different angle or a broader approach, this one is the perfect example, indeed, security-focused but through the magnifier lens or under the influence/culture of Agile.
Working for a Software Development company I found this book a good match for my DevOps/System Engineer role and I put it in my wish-list. Six months ago I purchased another book, but guessed what happened?
Yes, that’s right! I’ve received this one instead. Coincidence or a sign of destiny? Well, maybe both. For sure this book is it one of the best books that I’ve read in 2019, so far!
In my previous work experiences as a Developer I looked and systems and software with a different perspective, I had the opportunity to work for years also as system administrator as well and seeing both sides of the fence, but security processes and procedure were always in the background as dictating what and how we could interact and work together. In short developers and engineers were moving between fixed security boundaries or well-defined principles.
In the last 6-7 years that I’ve worked effectively with a DevOps mindset or in such role, I realized that security overall was not affected much by using the latest technology or the flavour of the month, but it’s a moving target and affected mostly be people and subtle implementation details.
When I’m saying people, I’m not talking about security risks caused by social engineering, but more about how people approach and trust the tool and processes as a “set-and-forget”, not realising that all changes in our systems will affect its resilience (confidentiality, integrity, availability).
This book is a must considering how up to date these contents are relevant today and with a huge number of references to products and project to test and try to introduce to your work environment to make it better.
In a big company for sure will be challenging but leverage this book or a similar one can be more effective than few proofs of concepts, in small and medium shops stick with a slim implementation of some of these strategies will make your business as usual maybe less boring and who knows, maybe also will help to remove a bit of stress as well.
Agile Application Security
Enabling Security in a Continuous Delivery Pipeline
Publisher: O’Reilly Media
Release Date: September 2017