The DevSecOps Playbook

Book description

A must-read guide to a new and rapidly growing field in cybersecurity

In The DevSecOps Playbook: Deliver Continuous Security at Speed, Wiley CISO and CIO Sean D. Mack delivers an expert analysis of how to keep your business secure, relying on the classic triad of people, process, and technology to examine—in depth—every component of DevSecOps. In the book, you'll learn why DevSecOps is as much about people and collaboration as it is about technology and how it impacts every part of our cybersecurity systems.

You'll explore the shared responsibility model at the core of DevSecOps, as well as the people, processes, and technology at the heart of the framework. You'll also find:

  • An insightful overview of DevOps and DevSecOps principles and practices
  • Strategies for shifting security considerations to the front-end of the development cycle
  • Ways that the standard security model has evolved over the years and how it has impacted our approach to cybersecurity

A need-to-read resource for security leaders, security engineers, and privacy practitioners across all industries, The DevSecOps Playbook will also benefit governance, risk, and compliance specialists who seek to better understand how a transformed approach to cybersecurity can impact their business for the better.

Table of contents

  1. COVER
  2. TABLE OF CONTENTS
  3. TITLE PAGE
  4. FOREWORD
  5. INTRODUCTION
    1. WHO SHOULD READ THIS BOOK?
    2. WHO THIS BOOK IS NOT FOR
    3. HOW THIS BOOK IS ORGANIZED
    4. CONVENTIONS USED IN THIS BOOK
  6. CHAPTER 1: Introducing DevSecOps
    1. WHY DEVSECOPS? WHY NOW?
    2. DevOps OVERVIEW
    3. DevSecOps OVERVIEW
    4. RUGGED DevOps OVERVIEW
    5. DevSecOps BUSINESS RESULTS
    6. CONCLUSION
    7. NOTES
  7. CHAPTER 2: The Evolution of Cybersecurity (from Perimeter to Zero Trust)
    1. THE EVOLUTION OF THE THREAT LANDSCAPE
    2. THE EVOLUTION OF CYBERSECURITY RESPONSE
    3. CONCLUSION
    4. NOTES
  8. CHAPTER 3: DevSecOps People
    1. INTRODUCTION
    2. COLLABORATION AT THE CORE
    3. DevSecOps CULTURE
    4. THE SHARED RESPONSIBILITY MODEL
    5. PSYCHOLOGICAL SAFETY
    6. ORGANIZING FOR DevSecOps
    7. BUILDING A DevSecOps CULTURE
    8. THE EVOLUTION OF THE EMPLOYEE (T‐SHAPED PEOPLE)
    9. HIRING FOR DevSecOps
    10. CONCLUSION
    11. NOTES
  9. CHAPTER 4: DevSecOps Process
    1. INTRODUCTION
    2. UNDERSTANDING PROCESSES AT SCALE
    3. DevSecOps FOR IT SERVICE MANAGEMENT
    4. SECURITY INCIDENT MANAGEMENT
    5. CHANGE MANAGEMENT
    6. PROBLEM MANAGEMENT
    7. RELEASE MANAGEMENT
    8. A DevOps APPROACH TO SECURITY PROCESSES
    9. CHAOS ENGINEERING
    10. CONCLUSION
    11. NOTES
  10. CHAPTER 5: DevSecOps Technology
    1. INTRODUCTION
    2. DevSecOps CONTINUOUS INTEGRATION AND CONTINUOUS DEPLOYMENT
    3. INFRASTRUCTURE AS CODE
    4. SECRETS MANAGEMENT
    5. PRIVILEGED ACCESS MANAGEMENT
    6. RUNTIME APPLICATION SELF‐PROTECTION
    7. MONITORING AND OBSERVABILITY
    8. EVENT MANAGEMENT WITH SIEM AND SOAR
    9. CONCLUSION
    10. NOTES
  11. CHAPTER 6: DevSecOps Governance
    1. INTRODUCTION
    2. THE CHALLENGE OF COMPLIANCE
    3. MANAGING RISK
    4. DevSecOps APPROACH TO GOVERNANCE
    5. COMPLIANCE AS CODE
    6. COMPLIANCE FOUNDATIONS
    7. CONCLUSION
    8. NOTES
  12. CHAPTER 7: Driving Transformation in Enterprise Environments
    1. INTRODUCTION
    2. THE CHALLENGE OF CULTURAL TRANSFORMATION
    3. TRANSFORMATIONAL LEADERSHIP
    4. THE KEYS TO A SUCCESSFUL TRANSFORMATION
    5. TRANSFORMATION CHALLENGES
    6. CONCLUSION
    7. NOTES
  13. CHAPTER 8: Measuring DevSecOps
    1. INTRODUCTION
    2. KEYS TO A SUCCESSFUL METRICS PROGRAM
    3. OPERATIONAL METRICS
    4. BOARD‐LEVEL METRICS
    5. MEASURING TRANSFORMATION
    6. CAPABILITY MODELS
    7. CONCLUSION
    8. NOTES
  14. CHAPTER 9: Conclusion
    1. INTRODUCTION
    2. PEOPLE, PROCESS, AND TECHNOLOGY
    3. COLLABORATION IS AT THE CORE
    4. MAKING SECURITY PART OF HOW YOU WORK
    5. WHERE TO START
    6. THE FUTURE OF DEVSECOPS
    7. CONCLUSION
    8. NOTE
  15. ACKNOWLEDGMENTS
  16. ABOUT THE AUTHOR
    1. How to Contact the Author
  17. INDEX
  18. COPYRIGHT
  19. END USER LICENSE AGREEMENT

Product information

  • Title: The DevSecOps Playbook
  • Author(s): Sean D. Mack
  • Release date: November 2023
  • Publisher(s): Wiley
  • ISBN: 9781394169795