Over the last several years, a lot of big brains have been working on the problem of what “secure cloud” should actually mean. And they’ve spent a lot of time producing a lot of documentation—and a lot of big, complex diagrams that attempt to address every possible aspect of the cloud and how to make […]
Why issues with “secrets management” in DevOps aren’t tool problems
Like you, I get a lot of “You MUST watch this webinar” types of emails, and one of the last ones I got that somewhat piqued my interest given some things I’m helping a coaching and mentoring client with was a new one about the ever-present pipe dream promise of “Shift left” with DevSecOps. Ostensibly, […]
Bedazzled by tales of the security transformation Big Bang
Humans, by nature, are impatient. And by nurture over the last several years with everything from drive-through liquor stores making a comeback in my hometown to anticipatory search results from Google to Amazon Prime’s same-day delivery… we now live in a society where all of life’s virtues and vices can be summoned on demand with […]
DevSecOps picnics in the park
As you might know, I really do waffle a bit between loving and hating DevSecOps as a concept. I think it’s great on the one hand because it’s shined a light on a lot of really bad software development practices people like John Viega, Gary McGraw and my friend Sverre Huseby have been talking about […]
When to ignore Teddy Roosevelt
I have to admit I have a lot of respect for Teddy Roosevelt and many of the things he did and said. In fact, I have his “arena” quote printed out and stuck to the wall above my desk. One of his other famous quotes is this one: “In any moment of decision, the best […]