On the latest episode of DevOps Radio, Julien Vehent, Engineering Manager at Mozilla Firefox, joins host Andre Pino to spread “security awareness.” Along with deep experience in cloud services, he helps manage security operations on the back-end side of the Firefox infrastructure. If Mozilla Firefox happens to be your default browser, you have Julien and his team to thank for the capabilities that prevent attacks and allow you to trust your browser history and shared passwords.
From his own experience, Julien found that while most organizations know security is important, they don’t necessarily know the best practices to implement it. This is all summed up in his recent book, Securing DevOps, a technical manual designed to help organizations adopt secure practices by diving into the specifics of these concepts (e.g., how DevSecOps would be applied to your Jenkins pipeline). Whether you’re looking to secure your pipeline from day one or three years down the road, Julien says it’s all covered within the 384 pages of his book.
While continuous integration (CI) and continuous delivery (CD) are now standard DevOps practices, the hope is to also expand this to continuous security. Julien says culture is a big aspect of this, but it also depends on where you are in your overall DevOps transformation, and too many companies wait until after a breach to invest in security. While strides are being made (like HTTPS) to protect the consumer, security teams that are not implementing DevSecOps are still facing challenges. Of course, all of this and more is covered within Securing DevOps.
Still figuring out where security fits into DevSecOps? Learn more from previous episodes of DevOps Radio, and be sure to check out the DevOps Radio page to subscribe on Spotify or iTunes to get new episodes.