About Gene Kim

I'm the multiple award-winning CTO, Tripwire founder, Visible Ops co-author, IT Ops/Security Researcher, Theory of Constraints Jonah, a certified IS auditor and a rabid UX fan.

I am passionate about IT operations, security and compliance, and how IT organizations successfully transform from "good to great."


7/30 - BSides Las Vegas - Las Vegas, NV
Mobilizing the PCI Resistance: Lessons Learned from Fighting Prior Wars (SOX-404)

9/20 - itSMF USA Fusion 2010 - Louisville, KY
Avoiding Audit Fatigue: Achieving Compliance In A Multi-Compliance World

9/24 - PCI SSC North American Community Meeting - Orlando, FL
Scoping SIG Update

9/24 - Interop New York - New York, NY
Creating Effective Security Controls: A Ten Year Study of High Performing Security Organizations

10/24 - NACD Corporate Governance Conference - Washington, DC
How IT Can Help (And Hinder) Boards


All my new posts are on my other blog

My new blog can be found here: http://itrevolution.com/devops-blog/


Talk Notes: "Why Does Bad Software Happen To Good People?", Matt Tesauro: LASCON Keynote

LASCON 2011: October 27, 2011

Matt Tesauro was the project lead for the LiveCD OWASP Project and is on the OWASP board. My notes are below...



Talk Notes: A Statistical Journey through the Web Application Security Landscape: Jeremiah Grossman: LASCON 2011

LASCON 2011: October 27, 2011

Jeremiah Grossman is the founder of White Hat Security, where my good friend Stephanie Fohn is currently CEO (she helped us with our first initiatives and product launches at Tripwire over a decade ago, for which I'll be forever grateful). Jeremiah is also very well-known for his work on metrics and benchmarking all aspects of vulnerabilities.

Here are my notes/tweets from Jeremiah's presentation:



Talk Notes: The Infosec Perspective of DevOps: James Wickett: LASCON 2011

LASCON 2011: October 27, 2011

James Wickett and his ex-boss @ernestmueller are both a very special breed of people. James is well-known for his experience as an information security practitioner and his leadership in the OWASP community (he is the conference chair for the upcoming 2012 OWASP USA conference). But what makes him so interesting to me is that he is a boundary spanner. Beyond just infosec, he has experience doing IT Operations, as well as Development and DevOps practices.

(Incidentally, I believe his presentation on "The Rugged Way in the Cloud--Building Reliability and Security into Software" is one of the seminal works on how information security integrates into DevOps-style practices. It is shown below, even though that isn't the topic of this talk note:)

At LASCON, he presented with Peco Karayanev on the PIE tool they built to integrate security practices into daily development and IT operations work. It will look very similar to a DevOps presentation, but it hints at how organizations can integrate and deliver the non-functional requirements from the Rugged Computing initiative (e.g., scalable, available, survivable, securable, supportable, etc.).

Here's how they describe PIE, which is a tool they developed at National Instruments to support developing applications that are served up in the cloud:



Talk Notes: Gamification: Gabe Zichermann: ISEPP Lecture Series

ISEPP Lecture Series: November 17, 2011

This was a fantastic talk. Gabe Zichermann helped codify gamification, writing a number of books on the topic, including "Game-Based Marketing: Inspire Customer Loyalty Through Rewards, Challenges and Contests" and also the O'Reilly book "Gamification by Design".

My tweeted notes are below:
