7 Books to Boost your DevSecOps Career
Security in your cloud environment is an important and continuous process to be integrated into DevOps. The books in this list are carefully handpicked and recommended based on their unique specificity to improve your skills in DevSecOps.
Running an application in the cloud opens it up to various benefits, including speed, cost reduction, and higher efficiency. Together with these benefits, it also comes with a tonne of security threats unique to the cloud.
Traditionally, teams have had a separate security team to understand these threats and harden application systems against them, but this isn’t efficient anymore.
As cloud technology evolves with new tech stacks being introduced every other day, there is more need for attention to security than ever.
The days of stand-alone security teams are over and DevSecOps is here to save the day.
DevSecOps brings a unique approach to cloud security by integrating security techniques into the DevOps process, creating a clear process of making cloud services safer.
With DevSecOps gradually becoming the order of the day, we thought of creating this list of DevSecOps books with unique concentration areas to help you improve your cloud security game.
This list comprises educational books that suit everyone - whether you’re a beginner or a bit more experienced.
DevSecOps: A leader’s guide to producing secure software without compromising flow, feedback, and continuous improvement
Glenn Wilson, the author of this book, is an experienced cloud security specialist and founder of Dynaminet - a DevSecOps and Agile security consultancy company.
This 221-page book provides a structured way to integrate security into your application's development and IT operations process while staying within DevOps' guiding principles.
The book explains the basic security principles before teaching some key concepts of DevSecOps, including:
- Automating integrated security testing
- Establishing a security-first culture among DevOps teams
- Using feedback loops to continuously improve product security
- Measuring security within your application value system
Epic Failures in DevSecOps: Volume 1
What’s better than learning from someone else’s mistake and applying the lessons to your own system?
Well, this DevSecOps book shares the process security experts used to find solutions to their cloud security problems, dwelling on the failures recorded along the way.
Written by a team of eight cloud security experts, including Edwin Kwan (an Application and Software Security Team Lead at Tyro Payments), Chris Roberts (a Chief of Adversarial Research and Engineering at LARES), DJ Schleen (a DevSecOps Evangelist and Security Architect at CVS Health) and Stefan Streichsbier (CEO of Guardrails), you can be sure that you’re in for some real-life experience of each individual’s DevSecOps journey and the failure that came with it.
Epic Failures, Volume 2: Compliments of Sonatype
After recording a great user acceptance from volume 1 of the Epic Failures in DevSecOps book, the editor, Mark Miller, regrouped with another team of 11 security enthusiasts in 2020 to share their expertise in assigned DevSecOps principles.
It covers some DevSecOps topics like “Cultural Approaches to Transformations: Staying Safe and Healthy” by Marc Cluet, “The Seven Deadly Sins of DevSecOps” by Ryan Lockard, and “Collaboration vs. Silos” taken on by Sladjana Jovanovic and Bill McArthur.
Security Automation with Ansible 2: Leverage Ansible 2 to automate complex security tasks like application security, network security, and malware analysis
As a Cybersecurity enthusiast trying your hands on automating DevSecOps security operations, this book will come in very handy.
It is a well-detailed, beginner-friendly DevSecOps book that gives an in-depth explanation, with examples, of how you can automate security with Ansible - an open-source automation tool used for configuration management, application deployment, and other IT tasks.
The book was authored by Madhu Akula and Akash Mahajan, an experienced security professional.
Securing DevOps: Security in the Cloud
The author, Julien Vehent, is a well-versed security expert, leading the Operations Security team of the popular browser, Firefox, at Mozilla.
The book practically explores the essential techniques of applying security and DevOps together to make cloud applications safer.
It clearly explains securing key components of your cloud apps like the CI/CD pipeline, the infrastructure behind it, and the web application itself.
Microservices Security in Action: Design secure network and API endpoint security for Microservices applications, with examples, using Java, Kubernetes, and Istio
Focusing on microservices applications rather than the normal enterprise application, this book addresses microservices-specific security challenges using real-life application scenarios.
In addition to microservices security, the book covers the adoption of “secure by design,” code-level security testing, and deployment with Docker, Kubernetes, and Istio.
It was authored by Prabath Siriwardena and Nuwan Dias, Deputy CTO for security and management & integration, respectively, at WSO2.
Secure By Design
The book contains secure design patterns, best practices, and principles applied directly to real-world software development processes to achieve a secure cloud environment.
Secure by Design is a detailed book authored by Daniel Deogun (application development and security specialist), Dan Bergh Johnsson (a senior consultant at Omegapoint), and Daniel Sawano (a software developer and architect).