It seems the above is very much “the question” on the minds of security teams looking to take the CI/CD plunge (or who’ve already jumped in, and are splashing with the sharks without their chain-mail wetsuits). But what does it mean? This “re-architecting” of which you speak? And, just when that young lad in the […]
Why worrying about “being slow” is shaking the wrong tree
No, I’m not talking about whether you may have two or three toes. I’m talking about the real issue behind the 7th, and actually the far deadliest of security architecture sins: sloth. Thanks to our toe-challenged friend, we tend to think of sloth as being simply slow. Sure, this is a problem—especially in security architecture. […]
DevSecOps picnics in the park
As you might know, I really do waffle a bit between loving and hating DevSecOps as a concept. I think it’s great on the one hand because it’s shined a light on a lot of really bad software development practices people like John Viega, Gary McGraw and my friend Sverre Huseby have been talking about […]
When to ignore Teddy Roosevelt
I have to admit I have a lot of respect for Teddy Roosevelt and many of the things he did and said. In fact, I have his “arena” quote printed out and stuck to the wall above my desk. One of his other famous quotes is this one: “In any moment of decision, the best […]
The two key dimensions of Agile Security
Some people think agile is about going fast and being unconstrained by processes. That’s part of it, but that aspect alone is also not that far from the definition of anarchy: a state of disorder due to the absence of authority. What agile is really about is being able to make effective decisions, and that […]