
Posts by Aaron Volkmann

Incremental Security Hardening the DevOps Way

• Blog
Aaron Volkmann

The art of security hardening is growing in demand. Modern system architectures and orchestration techniques that leverage virtualization, cloud providers, containers, and microservices enable an explosion of the number of hosts that comprise a system and in turn yield an increase of the attack surface area. This post provides insights on how to execute a security hardening strategy with a DevOps mindset....

The Secure "Hello World"

• Blog
Aaron Volkmann

Software development project stakeholders can often be tempted to put security requirements on the back burner when developing software systems. During one particular large-scale software development project I was involved with, which was a distributed system consisting of many components communicating over the network, runtime performance was the most important quality attribute. The engineers brilliantly invented their own lightweight protocol to maximize runtime performance. Once the system was to be transitioned into production operations, it...

Backing From the Cliff's Edge: Minimizing Risk With DevOps

• Blog
Aaron Volkmann

DevOps practices can increase the validity of software tests and decrease risk in deploying software changes to production environments. Anytime a software change is deployed to production, there is a risk that the change will break and lead to a service outage. This risk is minimized through rigorous testing of the software in a separate test environment where the change can be safely vetted without affecting normal business operations. Problems can arise, however, when these...

Integrating Your Development and Application Security Pipelines Through DevOps

• Blog
Aaron Volkmann

By Aaron Volkmann, Senior Research Engineer, CERT Division

The DevOps philosophy prescribes an increase in communication and collaboration between software development and operations teams to realize better outcomes in software development and delivery endeavors. In addition to bringing development and operations closer together, information security teams should be similarly integrated into DevOps-practicing teams. An automated way of performing complete software security assessments during continuous integration (CI) and continuous delivery (CD) does not exist yet, but...

Developing with Otto: A First Look

• Blog
Aaron Volkmann

By Aaron Volkmann, Senior Research Engineer, CERT Division

You will be hard pressed to find a DevOps software development shop that doesn't employ Vagrant to provision their local software development environments during their development phase. In this blog post, I introduce a tool called Otto, by Hashicorp, the makers of Vagrant....

A DevOps a Day Keeps the Auditors Away (and Helps Organizations Stay in Compliance with Federal Regulations such as Sarbanes-Oxley)

• Blog
Aaron Volkmann

By Aaron Volkmann, Senior Research Engineer, CERT Division

In response to several corporate scandals, such as Enron, Worldcom, and Tyco, in the early 2000s Congress enacted the Sarbanes-Oxley (SOX) Act. The SOX Act requires publicly traded companies to maintain a series of internal controls to assure their financial information is being reported properly to investors. In an IT organization, one of the main tenets of SOX compliance is making sure no single employee can unilaterally deploy a software code...

Can't Buy Me DevOps

• Blog
Aaron Volkmann

The DevOps movement is clearly taking the IT world by storm. Technical feats, such as continuous integration (CI), comprehensive automated testing, and continuous delivery (CD) that at one time could only be mastered by hip, trendy startups incapable of failure, are now being successfully performed by traditional enterprises who have a long history of IT operations and are still relying on legacy technologies (the former type of enterprises are known in the DevOps community as...

DevOps Networking Solutions

• Blog
Aaron Volkmann

When building and delivering software, DevOps practices, such as automated testing, continuous integration, and continuous delivery, allow organizations to move more quickly by speeding the delivery of quality software features that increase business value. Infrastructure automation tools, such as Chef, Puppet, and Ansible, allow the application of these practices to compute nodes through server provisioning using software scripts. These scripts are first-class software artifacts that benefit from source code version control, automated testing, continuous integration,...
