Training - Defensive DevOps

6 hours, up to 15 attendees.


DevOps often focusses on systems like web servers that are easy to automate, but rarely touch on systems that are hard to automate, like Active Directory domain controllers. Defensive DevOps works with your organisation to consider attack surface and threat models, to establish the most important locations to introduce DevOps technologies.


The DevOps revolution is in full swing, with a variety of tools and techniques being announced and implemented every day. Our systems no longer look to deploy on physical hardware, instead aiming to be hosted on the cloud and other virtualised systems.

Docker and the rise of deployable artefacts straight from your developer are a powerful promise to erase “works for me” from our lexicon forever.

But our cultures are still adapting, and how do we approach these concepts while keeping security in mind? All these automation tools are still programming, and programming is always filled with bugs and security holes.

And being human, we can’t always see what those holes look like.

In this session, the group will work through the rise of the DevOps revolution, and what it means both from a technical and cultural standpoint. We’ll discuss how to model where your points of failure will be, and which ones will be the most catastrophic. We’ll talk about security, how it’s a reliability concern, and how best to make it part of your journey to sustainability.

Most of all, we’ll talk about culture, and the cultural changes to ensure that your team can take advantage of all that DevOps has to offer.

This session is ideal for developers or operational people who want to know more about using automation tools, how to do it securely, and how to understand and work with the culture of their organisation.

This session is limited to between 6 and 15 participants, and runs for 6 hours (including lunch and breaks).