FinOps and Cyber Security

I had a great time at AWS Summit London 2023 earlier in the year. Saw loads of old friends and met new ones.

You may well ask what my favourite thing was. Actually, it was the talk "How to implement AWS cost optimization strategy that works" by Steph Gooch from AWS and David Andrews from Just Eat.

Why? FinOps has a limited relationship to security unless someone is running a crypto miner.

Because I see that FinOps and Cyber Security (and Data Governance) share a lot of the same ways of working. That is, trying to convince developers to do things that are not always on their journey to delivering a useful product.

I’m ok with that too. Security is on its own journey and, being pragmatic, it needs to be added at the point it’s needed. But our job is to check in with the teams as close as possible to the time when it’s needed.

What I enjoyed most about the talk is that the language used is not tainted by years of treating humans as the problem rather than the solution.

Securing IT systems has been around a long time and has its roots and language in the military and academia, which aren’t necessarily reflective of how a modern business operates. For security to be effective we need to reduce the fear of security, and reducing aggressive language is one way to improve adoption.

FinOps does not have any of this baggage, being at most a few decades old. So it’s refreshing to see how a relatively clean slate can work and inspire developers to care about the thing that you care about.