Automating Security & Compliance (for Fun & Profit)

The business demands innovation. IT infrastructure and application development agree. But of course it’s not that easy. Now the corporate security team would like to meet, and the auditors have a few words for you too. (Those words are “wait just a minute”.) How do we ensure that as we modernize, we don’t introduce unacceptable risk? Incorporating security and compliance into infrastructure updates from the beginning means we can forestall project-derailing last-minute roadblocks.

Automated security and compliance tests are how we track and assess our risk levels as we release changes. I’ll demonstrate a live walkthrough of building a compliance testing profile based on an industry-standard CIS Benchmark. Learn how to codify compliance profiles, incorporate such compliance testing into your release automation processes, and keep your internal stakeholders saying “yes, and” instead of “no, because...”.