Information security nuggets from DevOps Weekly #150

Keeping an eye out for the DevOps Weekly email is something I’ve enjoyed since it started at the end of 2010. It’s usually chock full of tips for systems engineers, developers, managers, or anyone who is focused on environments that utilize continuous integration and deployment strategies. Quite a few of the tips are totally relevant for information security professionals who are looking for an edge at work.

This week, there are four links worth reviewing if you work in information security:

• sitespeed.io
• Burnout, Recovery and Honesty
• Audits of High Deployment Environments [PDF]
• A tcpdump Primer

The idea behind sitespeed.io is to monitor an application’s performance through deployments. Availability is critical to security (although it’s often de-prioritized until you feel the pain) and it can signal an attack in process. Performance degradation over time could allow the application to be knocked offline from smaller attacks.

Burnout, Recovery and Honesty is an anecdote from an IT worker about how their job changed their personal and home life. It’s worth a read so that you can catch the warning signs of burnout within yourself and your coworkers.

Bringing continuous deployments to large companies is challenging due to the number of compliance and regulatory programs. A great slide deck called Audits of High Deployment Environments covers some of the basic strategies for how to deal with these challenges.

Finally, my favorite nugget from this week’s newsletter is the the tcpdump primer. It’s a great resource for people who have never used tcpdump or for those of us who have only used some of the basic functionality. You’ll be able to get more data out of tcpdump with less fuss after reading the post.