
Guest Post

10 Books Every DevSecOps Enthusiast Must Read

December 18, 2018

Mohammed A. Imran

The more that you read, the more things you will know. The more that you learn, the more places you’ll go. ― Dr. Seuss

We at Practical DevSecOps are big fans of books, even more so when the topic is DevSecOps. Every week we get at least a few queries asking for guidance on how to get started in DevSecOps, and this blog post answers exactly that. Following are some of our favorite books on DevSecOps, which are both practical and insightful.

1. The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win

This book, by Gene Kim and others, is one of the classics of the DevOps revolution. If you haven't heard of it, now is the perfect chance to grab a copy and enjoy this novel with coffee or tea. Don't worry, it's fictional but (mostly) very technical.

2. DevOpsSec

Fancy a quick introduction to the art of DevSecOps and the tasks involved in it? Then look no further than DevOpsSec by Jim Bird. Bird has, surprisingly, summarized the ocean of DevSecOps into 80+ pages. If you are a bit skeptical about the DevSecOps approach, as Jim (the author) was at the beginning of his DevSecOps journey, you must read this book to see why he is a staunch believer now.

3. Agile Application Security

Agile Application Security is one of those rare books that brings together many experts in the field and lays a strong foundation for future generations. It is a very comprehensive guide not only to DevSecOps practices but to practical implementations. If we had to pick one book from this list, Agile Application Security would be the one.

4. Building a Modern Security Program

Looking for practical advice from someone who has already done it? Then this book from Zane Lackey of Etsy fame is just perfect. He takes you through his journey of coming from a traditional security background and how Etsy's DevOps implementation changed his views on running successful modern security programs.

5. Securing DevOps

A very recent addition to the growing list of DevSecOps books, from Julien of the Mozilla security team. The publisher sums it up nicely: "Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You'll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service."

6. Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps

Though dry at times, with lots of emphasis on the standards, policies and compliance aspects of DevSecOps, this book definitely summarises a lot of good information in one place.

7. Generation Z Developers

If programming scares you, or you are just starting your career, you must read this amazing book from Photobox CISO Dinis Cruz. Dinis wrote this book for Generation Z (those born after 1996), but the tools (ChatOps, Docker, Jira, AI, etc.) and techniques he shares apply to anyone who wants to start learning DevOps.

8. The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations

This is another classic from Gene Kim and Jez Humble, a worthy sequel to The Phoenix Project. The book shows what a perfect marriage between DevOps and security would look like, and showcases interesting case studies on how different organizations have achieved DevOps maturity.

9. Site Reliability Engineering and The Site Reliability Workbook

The Site Reliability Engineering (DevOps) books from Google's operations team. Do we need to say more? Go grab a copy!

10. Continuous Delivery

Why is this book listed here? Any practical implementation of a well-oiled DevSecOps pipeline needs a good understanding of Continuous Integration and Continuous Delivery. The author explains the need for CI/CD in cross-functional teams and how deploying in an agile, iterative process is the best way to develop software in a fast and secure manner.

Do you want to learn about the practical DevSecOps tools and techniques in these books and implement them faster in your organization? Then please check out our training course, Practical DevSecOps – Continuous Security in the Age of Cloud. The next course is coming up 25-27 Feb 2019 in Singapore.

This blog post was originally published on

Mohammed A. Imran

Founder at Practical-DevSecOps.Com

About Mohammed A. Imran

Imran "secfigo" Mohammed is a seasoned security professional with 8 years of experience in helping organizations with their information security programs. He has a diverse background in R&D, consulting and product-based industries, with a passion for solving complex security problems. Imran is the founder of Null Singapore, the largest information security community in Singapore, where he has organized more than 60 events and workshops to spread security awareness. He was also nominated as a community star for being the go-to person in the community, whose contribution and knowledge sharing has helped many professionals in the security industry.
