SecOps = DevOps + Security

Good Read:

DevOps Overview:

  1. Code — code development and review, source code management tools, code merging
  2. Build — continuous integration tools, build status
  3. Test — continuous testing tools that provide feedback on business risks
  4. Package — artifact repository, application pre-deployment staging
  5. Release — change management, release approvals, release automation
  6. Configure — infrastructure configuration and management, Infrastructure as Code tools
  7. Monitor — application performance monitoring, end-user experience

DevOps movement core values -> CAMS:

  • Culture
  • Automation
  • Measurement
  • Sharing

Deployment/Release Strategy

Infrastructure as Code

  • Terraform: create, combine and manage infrastructure across multiple providers
  • Chef



  • Docker: containerization
  • VirtualBox: virtualization/hypervisor
  • Vagrant: create and configure portable development environment


  • Rundeck: Self-Service Operations Console
  • Sonarqube: Continuous Code Quality
  • SumoLogic: machine data analytics platform
  • Scalyr: log search and management
  • Stackdriver: Monitoring and management for services, containers, applications, and infrastructure
  • Prometheus

Log Journal



Access Control Model:

  • Attribute-Based Access Control
  • Role-Based Access Control


APM = Application Performance Monitoring

APM Vendor:

Logging vs Instrumentation

  • Logging: actionable logs
  • Instrumentation: meaningful number/metrics

RED Method

  • (Request) Rate - the number of requests, per second, your services are serving.
  • (Request) Errors - the number of failed requests per second.
  • (Request) Duration - distributions of the amount of time each request takes.
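
An added example (not part of the original notes) that computes the three RED numbers per service from request log lines. The log format, the `red_metrics` and `percentile` names, and the sample data are constructed for illustration; by default only 5xx counts as a failed request, and passing `is_error=lambda s: s >= 400` also counts 401/403 responses, which is useful when watching an authentication service.

```python
import math
from collections import defaultdict

# Constructed sample: "<epoch_seconds> <service> <http_status> <duration_ms>"
SAMPLE_LOG = """\
1700000000 auth 200 12
1700000000 auth 200 18
1700000000 auth 500 950
1700000001 auth 200 15
1700000001 auth 401 9
1700000002 auth 200 14
1700000002 auth 503 1200
1700000003 auth 200 11
1700000000 billing 200 40
1700000003 billing 200 60
"""

def percentile(sorted_vals, p):
    """Nearest-rank percentile (p in 0..100) of a pre-sorted, non-empty list."""
    rank = max(1, math.ceil(p / 100 * len(sorted_vals)))
    return sorted_vals[rank - 1]

def red_metrics(log_text, is_error=lambda status: status >= 500):
    """Return {service: {rate, errors, error_ratio, p50_ms, p95_ms}}."""
    per_service = defaultdict(lambda: {"ts": [], "errs": 0, "dur": []})
    for line in log_text.splitlines():
        try:
            ts, service, status, dur = line.split()
            ts, status, dur = int(ts), int(status), float(dur)
        except ValueError:
            continue  # wrong field count or non-numeric field: skip the line
        s = per_service[service]
        s["ts"].append(ts)
        s["dur"].append(dur)
        s["errs"] += bool(is_error(status))
    out = {}
    for service, s in per_service.items():
        window = max(s["ts"]) - min(s["ts"]) + 1  # seconds covered, inclusive
        durations = sorted(s["dur"])
        out[service] = {
            "rate": len(durations) / window,           # requests per second
            "errors": s["errs"] / window,              # failed requests per second
            "error_ratio": s["errs"] / len(durations),
            "p50_ms": percentile(durations, 50),       # duration as a distribution,
            "p95_ms": percentile(durations, 95),       # not a single average
        }
    return out
```

In the sample, the two slow 5xx responses leave the median at 14 ms while the 95th percentile is 1200 ms, which is why Duration is tracked as a distribution.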

USE Method

  • Utilization: the average time that the resource was busy servicing work
    • as a percent over a time interval, e.g. “one disk is running at 90% utilization”.
  • Saturation: the degree to which the resource has extra work which it can’t service, often queued
    • as a queue length, e.g. “the CPUs have an average run queue length of four”.
  • Errors: the count of error events
  • resource: all physical server functional components (CPUs, disks, busses, …)

4 Golden Signals

  • Latency: The time it takes to service a request.
  • Traffic: A measure of how much demand is being placed on the system.
  • Errors: The rate of failed requests.
  • Saturation: A measure of how “full” a service is, often measured by latency.

ELK Stack (now called Elastic Stack)

  • Elasticsearch: data
  • Logstash
  • Kibana: Visualization
  • Beats

TIG Stack

  • Telegraf
  • InfluxDB
  • Grafana
  • Kapacitor


rsyslog: forwards log messages in an IP network



Twelve Factor App

  1. Codebase: One codebase tracked in revision control, many deploys
  2. Dependencies: Explicitly declare and isolate dependencies
  3. Config: Store config in the environment
  4. Backing services: Treat backing services as attached resources
  5. Build, release, run: Strictly separate build and run stages
  6. Processes: Execute the app as one or more stateless processes
  7. Port binding: Export services via port binding
  8. Concurrency: Scale out via the process model
  9. Disposability: Maximize robustness with fast startup and graceful shutdown
  10. Dev/prod parity: Keep development, staging, and production as similar as possible
  11. Logs: Treat logs as event streams
  12. Admin processes: Run admin/management tasks as one-off processes