154 episodes

The DevSecOps Days is a recorded series of discussions with thought leaders and practitioners who are working on integrating automated security into every phase of the software development pipeline.

DevSecOps Podcast Series DevSecOps Podcast Series

    • Technology

The DevSecOps Days is a recorded series of discussions with thought leaders and practitioners who are working on integrating automated security into every phase of the software development pipeline.

    The Demise of Symantec by Richard Stiennon

    The Demise of Symantec by Richard Stiennon

    When I read Richard Stiennon's latest article in Forbes, The Demise of Symantec, I thought it was absolutely fascinating. Richard walks through the process of what happened at Symantec, how it was an acquisition engine for so many years, and now how it's started to decline. I got in touch with Richard and told him I'd like to have him read his article for the podcast, and he responded right away.

    What you'll hear in this episode is Richard talking about and reading from his article, The Demise of Symantec.

    Resources for this podcast:
    The Demise of Symantec, Forbes Online
    https://www.forbes.com/sites/richardstiennon/2020/03/16/the-demise-of-symantec/#6522117b5fc7

    Security Yearbook 2020
    https://www.security-yearbook.com/

    • 14 min
    Equifax and the Road Ahead w/ Bryson Koehler

    Equifax and the Road Ahead w/ Bryson Koehler

    Equifax is trying... I mean REALLY trying... to regain your trust. The Equifax CTO and CISO delivered the keynote at DevSecOps Days during 2020 RSAC. They contributed to multiple sessions and panels during the conference. The message was consistant: "Yes, we had a major problem. Here's what we're doing about it. Here's what you can learn from us." From a technical perspective, Bryson Koehler, CTO, and Jamil Farshchi, CISO, took on all questions from the audience. Nothing was out of bounds. They stayed after the session to talk one-on-one with those who had more questions. The words I heard most from the audience about the session was 'humility' and 'transparency'. That's a far cry from the poster child of breaches image the company has had to carry since 2017.

    Bryson and I sat down after the session at DevSecOps Days to go more into detail on what Equifax is working on, not just to re-gain user confidence, but to make a difference in the technology industry when it comes to lessons learned. He and Jamil are in the process of rebuilding the technology infrastructure at Equifax. They want to create a self-service, customer driven platform, that will include security as part of an automated solution to the future of data privacy. They are willing to openly share what they are working on, what has worked, what hasn't worked, all while building transparency into the process so that everyone can learn, not just the engineering team at Equifax.

    In this episode, we start with how Bryson felt the audience responded to the message from the stage, and what he had hoped to accomplish by stepping into the public spotlight.

    • 23 min
    Making Everyone Visible in Tech - Jaclyn Damiano

    Making Everyone Visible in Tech - Jaclyn Damiano

    If you like what you hear, you can download the entire book at sonatype.com/epicfailures

    As we were putting the finishing touches, getting ready to publish the latest version of Epic Failures in DevSecOps, I reread Jaclyn Damiano's chapter and was struck by how unique her message is.

    This is a personal story, one that will resonate with many people in the tech industry. It's a story of beginnings, of hardships, of leadership and finally, how all that combines into something much bigger than a technology solution. It's a story that talks about transforming people, not just companies.

    What you'll hear in this broadcast is Jaclyn reading her chapter, "Making Everyone Visible in Tech". There's no narrator, no discussion, just Jaclyn in her own words telling the story behind The Athena Project. It's a story of how she and her team took a diverse set of 40 applicants from underserved communities, with little to no technical background, and created a program to train and place those attendees in the tech industry. It's an inspiring story that needs to be heard.

    • 38 min
    How to Engage 4000 Developers in One Day

    How to Engage 4000 Developers in One Day

    When Derek Weeks and I started All Day DevOps in 2016, we were unsure as to whether anyone would be interested.It's now four years later. Last week we had close to 37,000 people register for the event. We're still trying to wrap our head around the scale of something that generates a world wide audience in the tens of thousands for a 24 hour conference.

    One of the things that has grown organically from All Day DevOps is a concept called "Viewing Parties". It's an idea the community has created, not something planned by us. Over 170 organizations, meetups or user groups around the world setup a large screen and invited colleagues and friends over to share in the DevOps journeys that were being told throughout the day. Last year, we heard through the grapevine that State Farm had over 600 people show up to participate at their viewing party in Dallas. That's 600 people internally at State Farm.

    When I heard about it, I knew I had to speak with Kevin ODell, Technology Director and DevOps Advocate at State Farm, the person who coordinated the event. Our initial conversation was a fascinating view into how he pulled off such a large event, internally. We kept in touch throughout the year, leading up to 2019 All Day DevOps. Keeping track of the registrations for Kevin, he soon came to realize what he had created was now a viral event at State Farm. For 2019, State Farm had 4000 of their 6000 developers confirmed to attend All Day DevOps. To me, that's just remarkable. While at the DevOps Enterprise Summit last month, Kevin and I sat down to talk about how he created such an incredible event, the process for getting business buy-in, and how he measures the value of letting 4000 developers collectively watch videos for the day. Even if I wasn't one of the co-founders of All Day DevOps, I'd find this a fascinating story. Stay with us and I think you'll be impressed, too.

    • 17 min
    Code Rush, DevOps and Google: Software in the Fast Lane

    Code Rush, DevOps and Google: Software in the Fast Lane

    Shortly after watching the documentary, Code Rush, I met with Tara Hernandez, the hockey stick carrying lead of the Netscape project that was being documented. We sat down at the Jenkins World Conference in San Francisco to talk about the effect that project had on her career, what she has been doing since with her position at google, and what she hopes to be working on in the coming years.

    We started our conversation by exploring the relationship between the Netscape project in 1998 and the current state of DevOps. Would DevOps have made a difference... the answer might surprise you.

    • 28 min
    The Unicorn Project w/ Gene Kim

    The Unicorn Project w/ Gene Kim

    Edwards Deming went to post-war Japan in the late 1940s to help with the census. While there, he built relationships with some of the main manufacturers in the region, helping them understand the value of building quality into a product as part of the production process, thus lowering time to market, eliminating rework and saving company resources. In his 1982 book, "Out of the Crisis", Deming explained in detail why Japan was ahead of the American manufacturing industry and what to do about. His "14 Points on Quality Management" helped revitalize American industry. Unknowingly, he laid the foundation for DevOps 40 years later.

    Eli Goldratt published "The Goal" in 1984, focusing on the "Theory of Constraints", the idea that a process can only go as fast as it's slowest part. In fictionalized novel form, Goldratt was able to reach a wide audience who would utilize the theory to help find bottlenecks, or constrainsts, within production that were holding back the entire system. Once again, the theories espoused in The Goal were a precursor to the DevOps movement 40 years later.

    In January 2013, 40 years after Deming and Goldratt reshaped the manufacturing processes in American, Gene Kim published "The Phoexnix Project". He used the same format as Goldratt, telling the story in a fictional novel format with characters who were easily identifiable within the software manufacturing process, from a manager's point of view. The Phoenix Project is now one of the most important books in the industry, and is used as a starting point for companies interested in participating in a DevOps transformation.

    It's now six years later, 2019. Gene's new book, The Unicorn Project, will be released at the upcoming DevOps Enterprise Summit in Las Vegas on October 28. This new book has an interesting premise: What was going on with the software development team in the Phoenix Project as the management team was flailing to get the project back on track. It's a novel approach to have parallel timelines in separate books, looking at the same project.

    In this broadcast, Gene and I talk about how the Unicorn Project aligns with the Phoenix Project, the overlap in storylines, and why he chose to speak for software developers in this iteration of the story. Do a quick review of the Phoenix Project, which is probably already on your bookshelf, and then listen in as we discuss using Deming, Goldratt and Kim as the foundation of the principles of the DevOps movement.

    • 44 min

Top Podcasts In Technology

Listeners Also Subscribed To