Readers should have intermediate skills in systems administration, and be comfortable with Linux and the hosting of websites. An understanding of Amazon Web Services and automation frameworks like Puppet and Chef, along with basic programming skills, is helpful, but not required.
I think so many places don't think about the "responding to attacks" part of the equation very well.
DevOps is the process of continuously improving software products through rapid release cycles, global automation of integration and delivery pipelines and close collaboration between teams. The goal of DevOps is to shorten the time and reduce the cost of transforming an idea into a product that customers use.
1. Test Driven Security (TDS). The first step of a security program is to define, implement and test security controls. TDS covers simple controls like the standard configuration of a Linux server, or the security headers web applications must implement. A great deal of security can be obtained by consistently implementing basic controls, and relentlessly testing those controls for accuracy. In good DevOps, manual testing should be the exception, not the rule. Security testing should be handled the same way all application tests are handled in the CI and CD pipelines: automatically, and all the time.
2. Monitoring and responding to attacks. It is the fate of online services that they will get broken into eventually. When incidents happen, organizations will turn to their security teams for help, and a team must be prepared to react. The second phase of continuous security is to monitor and respond to threats, and to protect the services and data the organization relies on, through techniques like fraud and intrusion detection, digital forensics and incident response, with the goal of increasing the organization's preparedness for an incident.
3. Assessing risks and maturing security. A security strategy cannot succeed when focused solely on technical issues. The third phase of continuous security is to go beyond the technology and look at the organization's security posture from high altitude, via risk management and security testing, both internal and external, to help organizations refocus their security efforts and invest their resources more efficiently.
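An added example of the Test Driven Security phase described in item 1 (not the book's own code): two of the baseline controls named there, required security headers on a web application response and a hardened sshd_config, written as automated checks a CI job could run on every build. The HTTP response and the sshd_config fragment are constructed samples, and the required header values and sshd settings are assumptions chosen for illustration.

```python
import re
# Constructed `curl -i` capture; it omits Content-Security-Policy so one control fails.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n\r\n<html></html>"
)
# Constructed sshd_config fragment with one non-compliant setting.
SAMPLE_SSHD_CONFIG = "# constructed\nPort 22\nPermitRootLogin yes\nPasswordAuthentication no\n"

def hsts_ok(value):
    m = re.search(r"max-age=(\d+)", value)
    return bool(m) and int(m.group(1)) >= 31536000  # at least one year

# Header controls (assumed policy): lower-case header name -> predicate its value must satisfy.
REQUIRED_HEADERS = {
    "strict-transport-security": hsts_ok,
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "content-security-policy": lambda v: "default-src" in v,
}
# Server controls (assumed policy): sshd keyword -> required value.
REQUIRED_SSHD = {"permitrootlogin": "no", "passwordauthentication": "no"}

def parse_headers(raw):
    """Map lower-case header names to values, skipping the status line."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = (line.partition(":") for line in head.split("\r\n")[1:])
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def check_security_headers(raw):
    """Return the failed header controls; an empty list means all pass."""
    headers, failures = parse_headers(raw), []
    for name, ok in REQUIRED_HEADERS.items():
        if name not in headers:
            failures.append(f"missing {name}")
        elif not ok(headers[name]):
            failures.append(f"bad {name}: {headers[name]}")
    return failures

def check_sshd_config(text):
    """Return sshd settings that deviate from REQUIRED_SSHD."""
    settings = {}
    for line in (l.split("#", 1)[0].strip() for l in text.splitlines()):
        if line:  # skip comments and blank lines
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip().lower()
    return [f"{k} must be {v}, got {settings.get(k, 'unset')}"
            for k, v in REQUIRED_SSHD.items() if settings.get(k) != v]
```

In a pipeline, a non-empty result from either check fails the build, so a regression in a control is caught the same way a failing unit test would be.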
Securing DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. This introductory book reviews state-of-the-art practices used in securing web applications and their infrastructure, and teaches you techniques to integrate security directly into your product. You'll also learn the core concepts of DevOps, such as Continuous Integration, Continuous Delivery and Infrastructure as a Service. You'll build an example service - an invoice management API - as you learn how to implement both DevOps and Security concepts together. By the end of this book, you'll be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.