Are you striving to be a change agent? If yes, see below for a checklist of resources to help you on your journey of transforming IT into a secure, available and agile organization.
Recently RSA hosted a virtual conference titled "DevSecOps – Whose Job Is It Anyway?" We found this presentation very useful and wanted to create a follow-up asset to help our community of security and network professionals take the next steps.
Step 1: Speak the language of the business
Regardless of your role, it is well documented by experts that IT professionals need to understand the relationship between the applications, network or infrastructure they support and how it impacts the business.
As a leader, it is even more pressing for you to understand the SLA commitments in place, in addition to how you can enable greater business results (for example, by increasing the throughput of a specific part of the network). With an understanding of how your team's actions positively or negatively impact internal customers, you will be more effective at prioritizing your team's resources. Listen to the founder of Indeni, Yoni, describe how he leads in the areas of network operations and automation.
How to do this? Here are the best resources from our community:
- Ask your counterparts what type of content they follow, for example:
  a. "Solving the productivity puzzle" by McKinsey Research
  b. "Whiteboard Session: 3 Myths of Collaboration" by Harvard Business Review
- Tough conversations are just that, tough. Learn how to do them less awkwardly:
  a. "Crucial Conversations – Tools for Talking When Stakes Are High"
Step 2: Have the right mindset and be a great communicator
It is unrealistic to expect individuals on your team, or in other departments, to be experts in everything. Someone needs to understand the business, the network architecture, the devices used and how to create scripts, on top of security and compliance best practices. A fun quote that was mentioned in the webinar was, “You can send someone to clown school, but that won’t make them funny.” Once you internalize this, you can empathize with other teams and then find pragmatic solutions to better serve those departments.
Three resource links:
- Get your mind right – Many of the issues you are facing have been experienced by someone else before. Learn from their mistakes. Read The Phoenix Project.
- Find like minds – You need peers to bounce ideas off – Join Indeni Crowd
- Stop using carrots and sticks – Get your messages out in a creative way – For example, give cross-functional awards to those who embody the DevOps culture you’re trying to create. Sample award names could be:
  - The Warrior Award – Someone who is great at breaking down silos
  - Eagle Eyes Award – Someone who focuses on quality
  - Smooth Operator Award – Someone who is great at offering feedback without blame
  - Smokey the Bear Award – Someone who is the internal security champion: “Only you can prevent a security breach”
  - No Fear Award – Someone who takes calculated risks and doesn’t fear failure
Step 3: Embed best practices in Day-to-Day operations
The #1 barrier to implementing automation is not having enough talent to complete existing initiatives or to jump-start new automation initiatives. In fact, only 27% of respondents to the Network Security Automation survey indicated that they are using runbooks. Runbooks contain checklists and processes for operations to follow. It is precisely inside these checklists that security and compliance need to be injected. Now, what if no one is reading your documentation, in a runbook or otherwise?
If you want someone to do something, you have to make it drop-dead simple. Better yet, make it easier for them to perform the same task with greater efficiency.
- Relentlessly remove waste – Reduce and/or simplify the tools that are provided to those departments to do their job
- Automate validation of best practices – Leverage solutions that double-check the work of your team members and catch well-meaning errors
Final step: Facilitate DevOps in Network and Security Teams
With the Indeni Automation Platform, operations has a personal assistant proactively identifying issues before they become major events. Indeni continuously validates that network and security devices are operating based on security and compliance best practices. Learn more by downloading the How Indeni Works Technical White Paper, or download Indeni.