Can someone detail me the intertwining of devops n security?
Lowkey been slacking on studying since my laptop broke smh, but it's getting fixed in a couple days n I'm planning on going hard studying python n working on my rhcsa cert n sec+ after that. Where could DevOps come in for me?
"
DevOps Security Challenges
Though DevOps solves many challenges in the software development process, it also introduces new challenges. Less than 46% of IT security professionals are skipping DevOps security in planning and design. These environments end up with a reactive, uncoordinated approach to incident management and mitigation. Often, the lack of coordination isn’t evident until an incident occurs, and systems are breached or attacked.
Aside from just a blip in operations, security breaches can reap long-term havoc. Take the case of the 2017 Uber breach.
The root cause was a careless developer who published credentials to GitHub. An all too common error when quickly compiling code to keep up with agile development cycles.
Hackers quickly pounced, attacking Uber in a breach that impacted over 50 million customers and nearly 600,000 drivers. Uber paid off the hackers to keep quiet. However, the data breach was eventually discovered and led to a public relations nightmare.
A secure DevOps environment runs on different tools, processes, and policies to facilitate rapid and secure releases. In the case of Uber, a final security scan to ensure no credentials are left embedded in the code. These pieces come together to provide bulletproof security throughout the application development, release, and management phases."
Firewalls can’t completely protect you in the cloud. Securing in the cloud revolves more around RBAC and access management.
Many of the processes and tools used in securing DevOps rely on cloud-based resources"
Here is an ideal position that I would love to be doing
Preferred Qualifications:
-------------------------
- 4+ years experience working within the technical arena with 2 plus years of information security work experience
- Solid technical background in IT systems and networking in Cloud environments
- Knowledge and experience pertaining to:
  - AWS (or similar) cloud security and infrastructure
  - Web infrastructure security (Applications and APIs)
  - Network security tools (IDS/IPS, firewalls, etc.)
  - Network visualization tools (Skybox Security, Redseal Networks, etc.)
  - Encryption technology and implementation
  - Disaster recovery concepts
  - Operating system security and hardening
  - Enterprise scale application hardening (e.g. GitHub, Jenkins, Slack)
- Experience using vulnerability assessment tools and writing risk mitigation plans according to the assessment
- Excellent analytical, evaluative, and problem-solving abilities
- Demonstrated ability to collaborate with technical and non-technical teams to further the goals and mission of the Security Risk and Compliance team
- Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
- Experience with PCI and SOX compliance programs as well as their technical and security requirements
- Experience in security standards such as ISO 27001, 27002, 27005; NIST, COBIT, ITIL
- Technical certifications within the area of Security are a strong plus (CISSP, CRISC, CCSK, CCSP, GIAC or equivalent)
- Ability to work independently and multi-task effectively
- A bachelor's degree in Cyber Security, Information Security, or Computer Science
- Experience with Continuous Integration/Continuous Development (CI/CD) concepts
- A passion for the gaming industry is a plus
The truth is most people are getting the bag working with just one bullet point their whole career...but some cyber security jobs will ask you to know CI/CD and the tools, depends on what you want. Most people at my job are just doing one or two bullet points at most. Even I. My job is just two bullet points, but someone who has the knowledge above will most likely never struggle to get a job, while I have to compete with the many people who are also working on one or two bullet points like me. Heck, they are likely getting bidded for. Also, no way can one get all this experience in 2 years.