How to Build a DevOps Culture (and get engineering and security teams to talk to each other!)
By Andy Adrian
Built on the premise of bringing software development best practices to operations and infrastructure teams, DevOps promises to help your organization deliver applications and services faster and more efficiently. There are plenty of technical best practices for practicing DevOps, but the biggest shifts that have to happen to make DevOps work are cultural.
I’ve implemented DevOps cultures at small and large organizations with great success. Below find a step-by-step process for starting to get your InfoSec, Hardware, Firewall, Networking, Data Security, Support, and Operations teams working together effectively.
1. Develop a Common Language…
The first obstacle in getting your security and engineering teams to communicate is literally the words they use. Different teams might describe the same process with a different name, or use the same broad term to refer to very different specific data points. For example, when a firewall team hears “security,” they think of blocking ports, but operations teams are focused on system configuration like password complexity and disabling services. Teams need to come to an agreement about what they’re talking about by using more specific language.