“Why are [DevOps tools developers] creating tools, like Jenkins or Marathon, that don’t require authentication? Just because it’s behind a firewall doesn’t mean that some attacker isn’t going to actually try and leverage it at some point,” Bryan pointed out.