“The Phoenix Project” discussion – Cybersecurity Canon 2017

Book Review by Canon Committee Member, Rick Howard: The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win (2013) by Gene Kim, Kevin Behr, and George Spafford

DevOps is perhaps the most important innovation that has happened to the IT sector since the invention of the personal computer back in the early 1980s. It is the idea that organizations would use the same Agile methodology they use today with their software development teams but expand it across all organizations in the deployment cycle: product managers, marketing professionals, developers, quality assurance practitioners, systems engineers, system administrators, operations staff, database administrators, network engineers and security professionals. The specific concept behind The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, as well as the DevOps philosophy in general, is that the development, quality assurance, deployment, maintenance and end-of-life of IT systems, to include security updates, is very similar to maintaining a production line of any other product. The best practice that has emerged since WWII to manage production lines is the Toyota Production System. DevOps is the IT version of that system. In it, DevOps practitioners try to reduce technical debt by limiting work in progress in order to control the flow of the entire system. I predict that, in 10 years, we will all be immersed in the DevOps philosophy. Because of the way the authors of The Phoenix Project explain DevOps through the novel form, the ideas are much more accessible to non-IT people: CEOs, CFOs and, yes, CSOs. Because of that quality, it is a must-read book for all C-level executives, including security professionals, and you should have read it by now.

Read the full review: