
John Willis
Bad people eat good systems for breakfast.
Atlanta, Georgia, United States
John Willis is Senior Director of the Global Transformation Office at Red Hat. Prior to Red Hat,
he was the Director of Ecosystem Development for Docker, which he joined after the company
he co-founded (SocketPlane, which focused on SDN for containers) was acquired by Docker in
February 2015. Before founding SocketPlane in fall 2014, John was the Chief DevOps
Evangelist at Dell, which he joined following the Enstratius acquisition in May 2013. He has also
held past executive roles at Chef and Canonical. John was one of the earliest cloud evangelists
and is considered one of the founders of the DevOps movement. John is the author of 7 IBM
Redbooks. He is also the co-author of the “DevOps Handbook” and “Beyond the Phoenix
Project” along with author Gene Kim.
DevSecOps - The Broken or Blurred Lines of Defense
A classic model for risk management and control is something called “The Three Lines of Defense (3ODL).”
The three lines are as follows:
Line 1: Risk Owners - Front line staff and operational management
Line 2: Risk Oversight - Risk management and compliance functions
Line 3: Risk Assurance - Internal audit
However, with the advent of modern sociotechnical systems like Agile, Cloud Native, and Event-Driven architectures, these legacy lines (3ODL) are at best blurred and at worst completely broken. With the modern patterns and practices of DevOps and DevSecOps, it’s not clear who the front line owners are anymore. Risk management and organizational compliance teams struggle to adapt to new cloud-native models such as ephemeral containers, microservices, and event-driven architectures like serverless. Most organizations' internal audit processes today are highly toil-based and have low efficacy. This is something I have called in previous presentations “Security and Compliance Theater.”
In this presentation, we are going to look at a couple of case studies that include the good, the bad, and the ugly when it comes to 3ODL. Primary topics covered will be organizational design, DevSecOps, and Automated Governance.
The target audience is anyone working in IT who is interested in Cyber Defense.
