DevOps and Security is Like Smoking Meat

It isn’t everyone who thinks, “Doesn’t Ubuntu remind you of wild boar?” Or labors over his pit of slow roasted pork shoulder while contemplating containers or dwells on e2e testing while mesquite smoke permeates spareribs.

But, Apollo Clark (@apolloclark) does. Apollo is a foodie of smoked meats (is that a meatie or smokie?) - working to master the craft - understanding different cuts, what each type of wood adds, and the subtleties of sauces. But, alas, it is a hobby - security and DevOps are his career.

Being passionate about both, he naturally sees parallels between the two, so Apollo presented at the 2016 All Day DevOps conference with a session entitled, What Smoking Meat Taught Me About DevOps and Security.

Understandably, you are asking yourself, “What does smoking meat have to do with DevOps and security?” Apollo notes both have tremendous complexity and nuances, there are multiple ways of getting the job done, lots of ways to mess it up, a couple of ways of doing it right, and you are always learning.

For both, there are many tools and processes to get the job done. For smoking, your wood is a critical component, along with time. Let’s look at some parallels:

• Oak = unit testing
• Maple = coverage
• Apple = dynamic analysis
• Peach = static analysis
• Mesquite = e2e testing. People love it, but it is difficult to handle
• Wine barrel = browser support. This is when you are doing it really well
• Bourbon barrel = device support. Pretty complicated.
• Smoking time = testing. You can test or smoke for 5 min or 5 hours, but there is a sweet spot. You can oversmoke meats and you can over test.

Getting hungry?

Meat is critical to a meal of smoked meat, but so are many other components. Likewise, software applications take a suite of other tools and components to deliver the full package. Get your taste buds ready, because Apollo likens all of the goodness that goes with smoked meats to tools you use to keep applications running:

• Sauces = auto-scaling. They both can get pretty complicated. Always a little different, but you have to make it work for you.
• Bread = monitoring, which is the bread and butter of infrastructure. Make sure you have it up and down your stack.
• Salad = system logs. Not the sexiest things, but you can rely on them.
• Fruit = custom application logs. Takes a lot of time to pair them, but takes a really good thing and makes them better.
• Beer = firewall. You should always have both.
• Wine = Intrusion detection systems. These are your fine wines.
• Whiskey = IR training. It takes time and there are so many ways of doing it. When things break, we have procedures on how to deal with them.

When smoking meats and in DevOps and security, Apollo asks and answers, “Do we have to do everything? No, but the more we do, the better it will taste.

“Does it cost money and take time? Yes, but you can do great things even without money and time. You can use cheap meats and you can use open source. Start simple, build up complexity, and always be learning.” Constantly ask yourself, “Am I better today than I was yesterday.” If not, be better