Gianluca Varisco on DevOoops (Increase awareness around DevOps infra security)
It’s time to have a quick chat with Gianluca Varisco, who is going to give two talks at Codemotion Milan 2015: “DevOoops (Increase awareness around DevOps infra security)” and “Operating a global infrastructure”.
Gianluca, despite his young age, already has an impressive career: he is the VP of Security at Rocket Internet SE, responsible for overseeing the security architecture and compliance of the company’s massive, globally distributed network. All aspects of corporate security, including information protection, ID management, network security, threat analysis, emergency response, security policy, and audit/compliance programs fall under his purview. He has over 8 years of experience in developing and managing information systems. Prior to Rocket Internet, he held engineering roles at Red Hat, Lastminute.com Group and PrivateWave.
Hi Gianluca, could you give us a quick introduction to your talk?
The beauty of Security within DevOps is that it becomes part of the operational process of integrating and delivering code. I’m a huge fan of using automation and other approaches to mitigate potential security problems while maintaining high velocity. That said, the adoption of DevOps creates more security risk for organisations. Getting visibility into the possible security gaps before an application is launched is more complicated because there isn’t the time to take weeks or months to ensure the security is hardened. The lack of visibility makes it challenging to make an informed decision on security.
In a quest to move faster, organisations end up creating security vulnerabilities using the tools and products meant to protect them. What happens when these tools are used insecurely or – even worse – they are just insecure? The technologies discussed during the talk will encompass AWS, Puppet, Jenkins, Vagrant, Docker, Elastic, Memcached and many others.
Any anecdote you may want to share about your work?
This job is definitely not for the fainthearted. As my responsibility is to make sure data / systems are secure, when things go wrong – and they often do – I am expected to bear the blame. I must always stay one step ahead of criminal masterminds, check off a growing list of compliance boxes (often useless) and keep close tabs on leaky vendors and reckless employees who upload sensitive data to unsecure services / devices. I had to quickly learn how highly tuned communications are key to engaging the community at all levels, and the ability to manage and lead during any period of stress is something that gets noticed. My bleak reality? You can’t trust anyone or anything, anymore.
If you could improve one thing in tech conferences, what would it be?
Conferences exist so people can engage with others in their industry. I’d love to embrace this opportunity to bring “our” industry (“tech”) to non-technical people. It would be as simple as posing thoughtful questions that encourage people to open up and connect on a personal level. You’ll be surprised to see how the energy and nature of conversations start to shift and open up.
Who is/are your tech heroes and why?
I’m definitely fascinated by Elon Musk: his vision, how he wants to make a positive impact on humanity and leave his mark. But most importantly, he’s done a lot more in his first 40 years than even the most productive people do in their lifetimes. He’s a role model for entrepreneurs and anyone with a drive to change the world.
Is there any book you would suggest related to what you do?
I’m sensitive to the erosion of our privacy and the public conversation about surveillance in the digital age. What is the meaning of life in the modern age of surveillance? What kinds of checks and balances are required in terms of personal data collection, corporate data surveillance and ubiquitous mass surveillance by governments?
I definitely suggest you read “No place to hide”, by Glenn Greenwald. It’s the story of a young systems administrator contracting for the National Security Agency, who fled the United States for Hong Kong, carrying with him thousands of classified documents outlining the staggering capabilities of the NSA’s surveillance programs – including those designed to collect information within the U.S. His name is Edward Snowden. Once in Hong Kong, Snowden arranged a meeting with Guardian columnist Glenn Greenwald, and so began the most explosive leak of classified material since the Pentagon Papers, over 40 years ago.
What/Who do you want to be when you “grow up”?
I do know that I want to bring about happiness, create change, affect people, inspire my peers and myself, be generous and wise. As you evolve psychologically, you realise there is still scope for further evolution. As you become knowledgeable, you realise there is greater knowledge. So, our life is characterised by constant evolution. I’m definitely actively working on those things right now.
Having had a terrible father, all I want is to be a great dad, be present and set examples of good behavior.
Totally random: What’s your favourite OST?
Amélie! It has one of the most beautiful piano music compositions I’ve ever heard. Yann Tiersen is an absolute genius in minimalist compositions. Brilliant stuff.
Thank you so much, can’t wait to see you on stage at Codemotion Milan 2015!