2009 Velocity Conference: 6/22-24, 2009, Santa Clara, CA
I'm re-watching John Allspaw [(@allspaw)](http://twitter.com/allspaw) seminal 2009 presentation called "10+ Deploys Per Day: Dev and Ops Cooperation at Flickr." This talk is widely credited for showing the world what #devops coudl achieve, showing how Etsy was routinely deploy features into production at a rate scarcely imaginable for typical IT organizations who were doing quarterly or annual updates.
I.e., for web svc, show monthly plans: $30/$60/$100; All but $30/mo will get "doesn't exist; provide your email addr"
Proposing Lean approach to infosec: small batches, fail fast and early. If can't fix few, how can we fix lots? Nice.
"Rule 3a: Don't teach developers security: evidence shows this doesn't work. It shows Dev games system."
"62% of FSI think time to market and need to release products w/shorter dev cycles is #1 issue" (bad for infosec)
"Who would get fired first: infosec, develoeprs, execs, sales, bizdev" (all but one are cost centers)
Haha. All but infosec increase profits. Infosec is just cost center. Hilarious. True.
I suppose what @miscsecurity is proposing is that Infosec needs to work for free.
Notes for Flynn:
* problem arising that hashtag doesn't match Session -- I want to append @miscsecurity, but want to watch all #bsides. Any suggestion?
* Correcting tweet doesn't retrofit fixes: when does it?
* Changing hashtag from #bsides to #bsidesSF doesn't change Stream
* I've changed my mind: tweet stream doesn't go back far enough. Had to go back to Twitter client to scan mentions, and then got back, and got only a couple of minutes of tweets -- suggest 20m window