It seems the above is very much “the question” on the minds of security teams looking to take the CI/CD plunge (or who’ve already jumped in, and are splashing with the sharks without their chain-mail wetsuits). But what does it mean? This “re-architecting” of which you speak? And, just when that young lad in the […]
Coronanormal cloud architecture
Over the last several years, a lot of big brains have been working on the problem of what “secure cloud” should actually mean. And they’ve spent a lot of time producing a lot of documentation—and a lot of big, complex diagrams that attempt to address every possible aspect of the cloud and how to make […]
Why issues with “secrets management” in DevOps aren’t tool problems
Like you, I get a lot of “You MUST watch this webinar” types of emails, and one of the last ones I got that somewhat piqued my interest given some things I’m helping a coaching and mentoring client with was a new one about the ever-present pipe dream promise of “Shift left” with DevSecOps. Ostensibly, […]
Bedazzled by tales of the security transformation Big Bang
Humans, by nature, are impatient. And by nurture over the last several years with everything from drive-through liquor stores making a comeback in my hometown to anticipatory search results from Google to Amazon Prime’s same-day delivery… we now live in a society where all of life’s virtues and vices can be summoned on demand with […]
DevSecOps picnics in the park
As you might know, I really do waffle a bit between loving and hating DevSecOps as a concept. I think it’s great on the one hand because it’s shined a light on a lot of really bad software development practices people like John Viega, Gary McGraw and my friend Sverre Huseby have been talking about […]