February 25, 2022

Gene Kim’s Audit and Security Playlist

By Gene Kim

“How does DevOps ideally interact with information security and compliance?”

This is a problem that was extensively explored in The Phoenix Project, and I have learned so much about the amazing ways that solutions can be found. Here are my favorite videos that describe how information security has shifted from being viewed as a burdensome obstacle to people helping everyone across the organization.

The Audit Mythbusting Panel (DevOps Enterprise Summit – Las Vegas 2019)

If you think that your auditors will never allow you to do DevOps, you must watch this incredible video. We assembled representatives from each of the Big Four audit and assurance practices to describe how DevOps for their clients is not only possible, but viewed as mandatory because they want their clients to still be around in ten years.

This is one of the coolest things I’ve done, and I suspect you’ll be as blown away by their skills as I was. You’ll want your auditors to watch this, too.

How Fannie Mae Uses Agility to Support Homeowners and Renters (DevOps Enterprise Summit – Las Vegas 2020)

This is one of my favorite sessions of all time because we hear from the leadership team at Fannie Mae, a Fortune 25 company. We learn how technology was critical for achieving their short-term objectives, such as responding to the COVID-19 pandemic, and also in the long term, helping them manage the risks of a $4 trillion balance sheet, which is often comprised of 30-year mortgages.

But we also hear from Chris Porter, their Chief Information Security Officer—among other things. He talked about how his team was creating “paved roads” to help thousands of Fannie Mae developers get to production quickly, safely and securely.

From Your Auditor Friends: What We Wish Every Technology Leader Knew (DevOps Enterprise Summit – Europe 2021)

This was one of my favorite plenary sessions, where the audit team from Nationwide Insurance, the largest mutual insurance company, shared some very specific advice to technology leaders on dealing with auditors.

They will continue to bust some commonly held beliefs about audit, some of which may surprise you!

DevOps and Internal Audit: A Great Partnership (Part 2) (DevOps Enterprise Summit – US 2021)

After watching the video above, you’ll see this follow-up presentation they did, where they give very specific guidance and examples on how to deal with common issues that we have in DevOps—specifically how to deal with concerns around change approvals and separation of duties.
