Building a Modern Security Program

by Zane Lackey, Rebecca Huehls
August 2018
Content level: Intermediate to advanced
45 pages
1h 2m
English
O'Reilly Media, Inc.
Content preview from Building a Modern Security Program

Chapter 1. Shifting the Security Team to a DevOps Mindset

During the early days of the shift away from Waterfall development, I was incredibly fortunate to be in the position of building the security team at Etsy while it was one of the first companies pioneering DevOps. At the time, for most companies, production application changes were typically made every 6 to 18 months. However, as I learned on my first day as head of security, Etsy was making production code deployments 20 times per day and rising. As you can imagine—and I had to learn the hard way—most of the classic approaches to security simply weren’t going to survive in this environment.

I knew that the approach to security needed to change, but implementing a DevOps-friendly model effectively and in ways that achieved buy-in throughout the organization hadn’t really been done before. First and foremost, like many security professionals, I had to stop thinking of security as a gatekeeper or blocker, which is a holdover from the Waterfall methodologies. As my thinking changed, I could begin seeing how the security team could change to be more DevOps friendly and thus maintain good security practices while focusing on enabling business agility.

In this report for fellow security leaders owning a security transformation, I share the lessons I learned about building and scaling a program along the way—lessons that would have saved me from a bunch of pain had I known them from the beginning. I use details about Etsy because ...

Publisher Resources

ISBN: 9781492044680