In many technical communities (security included) there exist both proprietary and community software solutions to solve common problems. Frequently, experience solving such problems with community-developed open-source solutions can be sufficient to gain access to employment opportunities, however dedicating unpaid time to learning those tools can be a struggle.

Luckily (due mostly to coincidence) much popular open source security tooling for security works using the same or very similar platforms and technologies as modern open source IT infrastructure automation (aka DevOps). This means that, depending on project focus, it is possible to use DevOps roles as a paid training opportunity for learning certain blue team infosec skill sets (primarily patch/vuln management, scanning, digital supply chain security, and log management).

During this 30 minute talk Jason will detail tools, technologies, and platforms that are shared between the disciplines. Additionally, some time will be spent discussing ideal projects to participate in to build desirable security skills while being paid for performing DevOps responsibilities. Finally, we’ll touch on supplementary opportunities that might provide additional experience to people for whom this sort of a lateral career transition might be appealing.