Automating Security & Compliance (for Fun & Profit)

Updated on December 25, 2016
GOTO Chicago 2017
Nicole Johnson
Manager, Solution Architects at Chef Software

The business demands innovation. IT infrastructure and application development agree. But of course it’s not that easy. Now the corporate security team would like to meet, and the auditors have a few words for you too. (Those words are “wait just a minute”.) How do we ensure that as we modernize, we don’t introduce unacceptable risk? Incorporating security and compliance into infrastructure updates from the beginning means we can forestall project-derailing last-minute roadblocks.

Automated security and compliance tests are how we track and assess our risk levels as we release changes. I’ll give a live walkthrough of building a compliance testing profile based on an industry-standard CIS Benchmark. Learn how to codify compliance profiles, incorporate that compliance testing into your release automation processes, and keep your internal stakeholders saying “yes, and” instead of “no, because...”.