Automating and scaling security with Glenn Wilson
A newsletter that started as a personal learning and getting-in-touch project by Ivan Krnic grew into a sociotechnical newsletter covering topics of technical excellence, organizational improvements, and productivity.
“What is all this automation for if we’re releasing only on Thursdays?”
– one colleague over coffee
In heavily regulated environments, Change Advisory Boards (CABs) are a common thing. A CAB typically evaluates the risk of a change and verifies that regression testing has been done, that documentation has been updated, and so on. All of this is generally done in a very old-fashioned, manual way. As one of my colleagues said over coffee: “What is all this automation for if we’re releasing only on Thursdays?”
I know we’re far from fully automating CABs (especially in heavily regulated environments), but are we even challenging the status quo, and how close can we get to it?
Teams can automate regression testing and documentation verification too! Even the dreaded Segregation of Duties principle can be implemented through code review: both the implementation code and the tests must be approved by a person other than their author.
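One way to turn that segregation-of-duties rule into a merge gate that runs on every push, instead of a box on a CAB form. This is an added example, not code from the newsletter or from Glenn Wilson; the `Review` and `PullRequest` types are a stand-in for what a GitHub or GitLab pull-request API returns, and the sample PRs at the bottom are constructed. Besides rejecting self-approval, the gate catches two things a naive "has an approval" check misses: an approval given before the author pushed more commits, and an approval by a reviewer who has since pushed a commit into the branch.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Review:
    reviewer: str
    state: str       # "APPROVED" or "CHANGES_REQUESTED"
    commit_sha: str  # the PR head commit the reviewer actually looked at


@dataclass
class PullRequest:
    author: str
    head_sha: str
    committers: set            # everyone who authored a commit in the branch
    reviews: list = field(default_factory=list)

    def insiders(self) -> set:
        """People who wrote any part of the change and therefore cannot approve it."""
        return self.committers | {self.author}


def independent_approvers(pr: PullRequest) -> set:
    """Reviewers with an APPROVED review on the current head who are not insiders.

    An approval on an older commit no longer covers what will actually merge
    (the author may have pushed or rebased since), and a reviewer who pushed a
    commit into the branch has become a co-author of the change.
    """
    return {r.reviewer for r in pr.reviews
            if r.state == "APPROVED"
            and r.commit_sha == pr.head_sha
            and r.reviewer not in pr.insiders()}


def sod_violations(pr: PullRequest, min_approvals: int = 1) -> list:
    """Reasons the PR fails the segregation-of-duties gate; an empty list means pass."""
    problems = []
    approvers = independent_approvers(pr)
    if len(approvers) < min_approvals:
        approved = [r for r in pr.reviews if r.state == "APPROVED"]
        if any(r.commit_sha != pr.head_sha for r in approved):
            problems.append("stale approval: commits were pushed after the reviewer approved")
        if any(r.reviewer in pr.insiders() for r in approved):
            problems.append("approval by the author or another committer of this PR does not count")
        if not problems:
            problems.append(f"need {min_approvals} independent approval(s), have {len(approvers)}")
    if any(r.state == "CHANGES_REQUESTED" and r.commit_sha == pr.head_sha for r in pr.reviews):
        problems.append("a reviewer requested changes on the current head")
    return problems


# Constructed sample PRs (not real data): the pass case and three ways the gate fails.
SAMPLE_PRS = {
    "independent_review": PullRequest("alice", "c3", {"alice"}, [Review("bob", "APPROVED", "c3")]),
    "self_approval":      PullRequest("alice", "c3", {"alice"}, [Review("alice", "APPROVED", "c3")]),
    "stale_approval":     PullRequest("alice", "c3", {"alice"}, [Review("bob", "APPROVED", "c2")]),
    "reviewer_committed": PullRequest("alice", "c3", {"alice", "bob"}, [Review("bob", "APPROVED", "c3")]),
}

if __name__ == "__main__":
    for name, pr in SAMPLE_PRS.items():
        result = sod_violations(pr)
        print(f"{name:20s} {'PASS' if not result else result}")
```

Run as a required status check on every push and the audit trail the CAB wants (who approved which commit, and that the approver did not write it) is produced by the pipeline instead of by hand. The same rule should also be enforced in branch protection (dismiss stale reviews on push, disallow approval by the author), so the check is a second line rather than the only one.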
Most manual checks are relics of an earlier era. We need to involve security professionals in the software delivery process and find new ways to implement existing security principles digitally, as automated checks in the pipeline rather than paperwork.
Interview of the Month
Automating security with Glenn Wilson
Glenn Wilson is CTO and founder at Dynaminet, book author, and speaker. After reading his book “DevSecOps” and some other security-related material and talking to several people in the industry, I think security is finally the next bottleneck that organizations must solve, especially those in highly regulated environments. I spoke with Glenn about automating Change Advisory Boards and scaling security skills across an organization.
QED 2023 conference
We’re back in Zadar for another QED conference!
Our keynote speaker will be Kelsey Hightower, Distinguished Engineer at Google Cloud, and we’ll talk about the value technology brings to the table! Register here and join us!
What do you say?
Don’t Call It A Platform – fantastic post by Sam Newman about platforms taking the utterly wrong direction and becoming detrimental to organizational flow and improvement. As with many similar concepts, it’s time to zoom out, block out marketing-driven vendor messages and recalibrate.
A Complete Overview of GPT-3 — The Largest Neural Network Ever Created – Excellent (and very comprehensive) article on GPT-3, what it is, how it works, how people use it, and possible risks.
How we make decentralized decisions – 7 ways in which you can decide on something, explained by Gini.
CNCF 2022 Annual Survey – Cloud Native Computing Foundation runs an annual survey to understand the adoption of cloud native technologies better, and here are the findings for 2022.
A framework for balancing and budgeting engineering resourcing – “As an engineering organization grows, questions and challenges emerge around the investments in time and people.” This post explains an investment framework for engineering used successfully at Dropbox during the several years leading up to the IPO. There are several investment buckets that you want to remember.
Read with us
DevSecOps: A leader’s guide to producing secure software without compromising flow, feedback and continuous improvement
Gene Kim once noted that security professionals are outnumbered by developers by as much as 100:1. Obviously, not every team can have a security professional on board.
In this book, Glenn Wilson shares his layered approach to scaling and utilizing security skills across an organization: Education – Secure by design – Automation!