
Ask HN: Best DevSecOps Literature - smithza
As a working SWE, I want to learn more about how to learn and implement DevSecOps best practices. Any literature recommendations?
======
neuroticfish
Genuine question: why is DevSecOps a thing? What is the difference between it
and DevOps? Or separate DevOps and SecOps teams? Or InfraOps? At what point
does it become systems administration with inflated titles? I've even seen
business people call themselves "BizOps".

~~~
twunde
Devops/InfraOps/SRE - Engineer/Sysadmin with infrastructure experience focused
on reliability. May have some security knowledge but not a security expert.

SecOps/Security Engineer - Typically focused on responding to security
incidents and proactively preventing security issues. Typically this involves
threat detection, pen testing, security reviews. They can often reverse-
engineer malware but they may or may not be able to write a web app. Probably
can't set up the infrastructure to run their security platforms.

DevSecOps - Security focused Devops engineer. Expected to have significant
security experience, but probably not doing pen-tests. Likely working on
container security, setting up and running security platforms. May be a
security consultant for devops engineers the same way a security engineer is a
security consultant for app engineers.

------
smithza
The deeper inquiry of mine is best practices on containerization, continuous
development/integration and where security fits in the loop.

