Don't be the Chump Guard - How Good Change Management is at the Heart of DevSecOps

The most basic point in security is to make sure the thing you are securing is actually what you think it is. While that seems obvious, cultural blind spots often lead us to overlook the basics while obsessing over more exciting, exotic scenarios.

It is a common bit of human nature and even shows up in pop culture as a plot device in spy or ‘heist’ movies. The thieves swap the real thing for a fake while the chump guards think everything is OK. In fact, in a lot of cases, the guards would have had no way to verify the authenticity of the item even if they were suspicious.

Meanwhile, in modern application environments, the thing being protected changes rapidly by design. That rate of evolution means that you must constantly re-verify that the new iteration is actually what it is supposed to be.

This ‘back to basics’ talk provides a lens for understanding what good, automated Change Management processes look like. It will discuss:

  • How assumption is the mother of all foul-ups
  • Why bureaucratic change management fails
  • Three core principles for automated change management processes
  • Examples along the way

This talk will discuss problems, approaches, and solution patterns. It will explicitly not have a tool or demo focus, but instead look at the approaches, processes and context into which you can fit tools.



Dan Zentgraf


Dan is a technology professional focused on bringing DevOps practices to enterprises. He has over 20 years in the IT space and has served in a variety of capacities including Product Management,