7 Automation

It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.

—Charles Darwin

Currently, DevOps is more like a philosophical movement, not yet a precise collection of practices, descriptive or prescriptive.

—Gene Kim

Overview

In this chapter, we turn our attention to automation. Traditionally, the infosec community doesn't consider automation to be in the purview of the security professional. That has been a giant mistake in first principle thinking. Because of that error, the IT community has sprinted away from the security community in pursuing advanced software development methods. In this chapter, I will explain why it's time to catch up. I will talk about why automation in general is important to eradicate mundane and error‐prone manual tasks. I will then show how the software development community evolved their thinking from Gantt charts in the early 1900s all the way to DevOps today and that DevSecOps is the logical next step. I will then tackle the tricky subject of automating the compliance systems across our deployed first principle architecture. It's tricky because compliance doesn't have a major impact on reducing the probability of material impact, but depending on the industry you're in, you will likely have to plug the telemetry from your deployed first principle tactics into the compliance system. Finally, I will explain the relatively new concept of chaos ...

Get Cybersecurity First Principles: A Reboot of Strategy and Tactics now with the O’Reilly learning platform.
