April Meeting: Integrating Compliance into the Development Process

Hey everyone,

We're looking forward to our meetup next week and it should be a great talk. We're also excited to announce our April meetup. It's going to feature Nathen Harvey. Nathen is VP of Community Development at Chef. He'll be talking about how we can use automation to improve security and make compliance easier.

Abstract:

Everyone wants to move faster and ship updates with higher velocity. Regulatory burdens and compliance can add extra drag on the system. Controls that live in notebooks, spreadsheets, and PDF files are difficult to verify. Scanning the production systems for compliance means you find violations when it's too late and when they're most expensive to fix. Compliance must be managed as code and must be part of your everyday development process if you'd like to improve compliance and increase velocity. In this talk, we'll look at one way you can move compliance controls directly into your development process. We'll explore InSpec, an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.

Bios:

Nathen Harvey, VP of Community Development at Chef, helps the community whip up an awesome ecosystem built around the Chef platform. Nathen also spends much of his time helping people learn about the practices, processes, and technologies that support DevOps, continuous delivery, and high velocity organizations. Prior to joining Chef, Nathen spent a number of years managing operations and infrastructure for a diverse range of web applications. Nathen is a co-host of the Food Fight Show, a podcast about Chef and DevOps, and a co-organizer of the DevOpsDC meetup group.

Dominik Richter, (@arlimus (https://twitter.com/arlimus)), is a product manager for compliance at Chef, entrepreneur, and co-founder of the open-source hardening framework, http://hardening.io (http://hardening.io/). He is deeply rooted in security and penetration testing and combined them with the velocity of DevOps to form InSpec (https://github.com/chef/inspec).