This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
+++ Incident +++ Unfortunately the power strips on the desks are not working in the main room
Ticket filed. 😉 Thanks for letting us know. We’ll fix that over the break. 🙏 for your battery life.
Yes! We’ll post the GitHub link, and also add them to the video library alongside the videos when they’re up.
Not sure if this is the right channel; if not, apologies and directions appreciated. Is there a good audit/compliance 101 (preferably with examples of how to apply traditional controls from frameworks like NIST, COBIT, SOX, etc.) in a way compatible with a modern devops-minded SDLC? In the BOF session we had on this topic we weren’t really able to identify a lot of these, if any.
@aggenebbisj one source of shared learning is chapter 6 of Sooner Safer Happier. This is what we did where I was working (I was the owner of change controls in a highly regulated organization). Doesn’t specifically mention NIST or COBIT. Happy to chat.
I suddenly remembered a document that is a great example of what I’m looking for, but not complete: The DevOps Audit Defense Toolkit (https://itrevolution.com/product/devops-audit-defense-toolkit/) @genek did this document ever evolve as hinted at in the conclusion?
Ah, yes! @jeff.gallimore and I worked on that! Gosh, Jeff, I think so much came out of it, but that document was never updated. Anything you'd like to see or help with? (We should update the doc to include all the work we've all done around security and compliance!)
That’s a good question. Will definitely get back on that one. And would be happy to help wherever it makes sense. What’s the best communication channel to use for this? Will this channel still be read after the conference for example?
Would love to see a 2023 version of that document - even with some recommendations on approaches, and even perhaps tools?