Listen "Security infrastructure as code."
Episode Synopsis
We’ve been wrestling with the idea of software development methodologies (Waterfall, Agile), infrastructure-as-code (cloud deployments, DevOps, DevSecOps) and coding best practices (OWASP, BSIMM, SAMM) for two decades now. These are not independent systems. They overlap and interact. Up to this point, at least for the security side, they have been manual tasks, toil, that are prone to mistakes. We all know that automation can reduce the impact, at least be consistent with the mistakes we make, and can offer a uniform fix across the enterprise once we have decided what to do. Automation is the key first-principle strategy to get this done, and DevOps/DevSecOps is the tactic we will all use to get there. Rick Howard takes us through the topic.
For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Podcast: CISO Perspectives (public)