Investments Unlimited | A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age

HOME           BOOKS           RESOURCES           CLASSES         PODCAST           VIDEOS           CONFERENCE           BLOG

Investments Unlimited
A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age
By Helen Beal, Bill Bensing, Jason Cox, Michael Edenzon, Dr. Tapabrata "Topo" Pal, Caleb Queern, John Rzeszotarski, Andres Vega, and John Willis
Coming September 13, 2022
In the vein of bestselling titles The Phoenix Project and The Unicorn Project, Investments Unlimited helps organizations radically rethink how they handle audit compliance and security for their software systems. By introducing concepts, tools, and ideas to reimagine governance, this book catalyzes a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure.
"Investments Unlimited is The Phoenix Project for Information Security!  ... A compelling novel that balances business, product, and regulatory concepts with just enough technical detail, and provides a general roadmap for modern governance and automated compliance."
Dana Finster, Technical Expert-Cybersecurity
Order       Description       Authors       Excerpt      Book Club
Order the book:
“Finally we have a book that can be leveraged by everyone in your organization involved in meeting security, audit, and compliance requirements. You'll be able to apply this practical guidance immediately, and I really appreciate the inclusion of all of the functions and roles required to be successful. It's a great reminder that we are all in this together!”
Courtney Kissler, CTO, Zulily
About the Book
Investments Unlimited, Inc. has accomplished what many other firms in their industry have failed to do: they have successfully navigated the transition from legacy ways of working to the digital frontier. With the help of DevOps practices, Investments Unlimited delivers value to its customers with speed and agility. But now, all that work is about to fall apart. Sure, DevOps helped the company adapt, but it also failed them.

While features moved through the organization swiftly, their governance process became inundated with friction, frustration, and failure. And now, their inability to deliver what they promise has led regulators to slap them with an MRIA (matter requiring immediate attention), the final warning before cease-and-desist letters and fire sales.

With the future of Investments Unlimited on the line, a cross-functional team of executives and engineers has just months to develop a modern governance process that satisfies regulators but doesn’t slow down the company’s ability to compete in the market. It is up to this ragtag team to navigate trials, tribulations, site failures, and supply chain attacks, all on their path to save the company from disaster.

In the vein of the bestselling The Phoenix Project and The Unicorn Project, Investments Unlimited radically rethinks how organizations can handle the audit, compliance, and security of their software systems—even in highly regulated industries. By introducing concepts, tools, and ideas to reimagine governance, Investments Unlimited catalyzes a more humane way to enable high-velocity software delivery that is inherently more secure.
Investments Unlimited builds upon years of DevSecOps literature while firmly anchoring the principles into regulated entities like financial services. The technology fable will keep you engaged with relatable stories and conversations, and practical knowledge for you to implement at your own firm and inside your team.”
Dr. Branden R. Williams, VP IAM Strategy, Ping Identity
About the Authors
Helen Beal is an award-winning DevOps speaker, writer, and strategic advisor. Bill Bensing is a software architect helping to standardize DevSecOps. Jason Cox is a champion of DevOps practices and leads SRE teams. Michael Edenzon is a senior IT leader and engineer modernizing the technical landscape for highly-regulated organizations. Tapabrata (Topo) Pal is a DevSecOps thought leader who leads DevOps transformations at large financial institutions. Caleb Queern helps CIOs and CISOs reduce risk as they quickly build software so they can grow and compete. John Rzeszotarski provides thought leadership to large enterprises on reliability, scalability, regulatory issues, and more. Andres Vega works in security, compliance, and privacy engineering. John Willis is a bestselling author and considered one of the founders of the DevOps movement.
“Today, software developers are just as much security engineers, whether they know it or not. In a unique and compelling way, Investments Unlimited illustrates how to safely automate security testing, audit, and compliance to help organizations move faster, safer."
Jim Manico, Founder and Secure Coding Educator, Manicode Security
An Excerpt
Susan Jones had been the CEO of Investment Unlimited, Inc. (IUI), for five years. She was quick on her feet and always appeared to ask the right questions and make the right decisions. The board trusted her. But right now—although you couldn’t tell from her demeanor—she was panicking.

“How did you find out?” Susan said into the phone, nearly gasping. Behind her the noise of Rich and Lucas making Rich’s famous pizza seemed to disappear. All she could hear was the beat of her own heart and Jason on the phone.

“I met with Bernard this evening,” Jason replied, “at our regular two-finger Scotch session. He let me know that the MRIA will be issued to IUI.”  Jason paused. He knew this news was going to rattle Susan. He could already hear it in her voice. He continued, trying to provide some assurance. “You know, it may feel like regulators are out to get us, but they’re really there to help us, to help protect our customers.”

“You could have fooled me,” Susan replied half under her breath. She didn’t think Jason heard as he kept talking.

“It’s not uncommon for an MRIA to be informally notified through back channels so there’s no surprise when it’s issued. Bernard has a good relationship with the director of the regulatory agency approving the MRIA. That director reached out to Bernard as a show of good faith,” Jason said.

Susan took a deep breath. She was familiar with an MRIA, a Matter Requiring Immediate Attention, but only in concept. Actually being issued one was alarming. Federal regulators only issue an MRIA when something is seriously wrong at a bank. They aren’t handed out like candy. Susan had heard horror stories from other institutions, but she’d never had one issued at a bank she worked at—let alone the bank she ran.

“Do you know what the MRIA is about?” Susan asked.

“Yes, it’s frankly embarrassing. There are over fifteen MRAs that were issued to IUI over the past eighteen months. Our IUI team has asked for several extensions with those and there doesn’t seem to be a clear plan in closing them. That’s why this MRIA is being issued. Our team hasn’t provided any evidence of progress, and the agency now feels that we really have a huge problem.”

“I see,” Susan said. But really, she didn’t understand at all. How had her team let this happen? How had she let this happen?

“As you know, it’s a big issue,” Jason said. “Just remember, you’re in that CEO spot because Bernard thinks the world of you and knows you are extremely capable. I reminded him that he couldn’t have retired without you. He agreed.”

“Thanks for those kind words, Jason. We’ll have to get the whole team together first thing in the morning to tackle how we found ourselves in such a mess. There’s nothing more we can do tonight.”

“Sounds good,” responded Jason. “I’m sorry to interrupt your evening, but I knew you would want to know. I’ll talk to you tomorrow. Have a good night.”

“Yes, thanks, Jason. I’m glad you called. Good night.” Susan ended the call and sat down at the dining room table. It was a long table that fit over fifteen people, and it was always made up as if there was a dinner party starting at any moment.

She sat there, waiting for the numbness to wear off, waiting for her thoughts to slow down to a crawl.

Sign up for the most up to date news.