          0800-DEVOPS #45

          Automating and scaling security with Glenn Wilson

          6 minute read

          A newsletter that started as a personal learning and getting-in-touch project by Ivan Krnic grew into a sociotechnical newsletter covering topics of technical excellence, organizational improvements, and productivity.

          Automating CABs

          “What is all this automation for if we’re releasing only on Thursdays?”

          -one colleague over coffee

           

          In heavily regulated environments, Change Advisory Boards are a common thing. CABs typically evaluate risks and verify that regression testing is done, documentation is updated, etc. All this is generally done in a very old-fashioned manual way. As one of my colleagues said over coffee: “What is all this automation for if we’re releasing only on Thursdays?”

          I know we’re far from fully automating CABs (especially in heavily regulated environments), but are we even challenging the status quo, and how close can we get to it?

          Teams can automate regression testing and documentation verification too! Even the dreaded Segregation of Duties principle can be implemented using code review – both implementation code and tests need to be approved by a person other than the author.

          Most manual checks are a relic of old times. We need to involve security professionals in the software delivery process and find new ways to implement existing security principles more digitally.

          Interview of the Month

          Automating security with Glenn Wilson

          Glenn Wilson is CTO and founder at Dynaminet, book author, and speaker. After reading his book “DevSecOps” and some other security-related material and talking to several people in the industry, I think security is finally the next bottleneck that organizations must solve, especially those in highly-regulated environments. I spoke with Glenn about automating Change Advisory Boards and scaling security skills in an organization.

          QED 2023 conference

          We’re back in Zadar for another QED conference!

          Our keynote speaker will be Kelsey Hightower, Distinguished Engineer at Google Cloud, and we’ll talk about the value technology brings to the table! Register here and join us!

          DevOps Quiz

          Mini quiz

          What do you say?

          Would you want to automate your Change Advisory Boards?

          Hand picked

          Don’t Call It A Platform – fantastic post by Sam Newman about platforms taking the utterly wrong direction and becoming detrimental to organizational flow and improvement. As with many similar concepts, it’s time to zoom out, block out marketing-driven vendor messages and recalibrate.

          A Complete Overview of GPT-3 — The Largest Neural Network Ever Created – Excellent (and very comprehensive) article on GPT-3, what it is, how it works, how people use it, and possible risks.

          How we make decentralized decisions – 7 ways in which you can decide on something, explained by Gini.

          CNCF 2022 Annual Survey – Cloud Native Computing Foundation runs an annual survey to understand the adoption of cloud native technologies better, and here are the findings for 2022.

          A framework for balancing and budgeting engineering resourcing – “As an engineering organization grows, questions and challenges emerge around the investments in time and people.” This post explains an investment framework for engineering used successfully at Dropbox during the several years leading up to the IPO. There are several investment buckets that you want to remember.

          Read with us

          DevSecOps: A leader’s guide to producing secure software without compromising flow, feedback and continuous improvement

          Get the book

          Gene Kim noted once that security professionals are outnumbered by developers as much as 100:1. Obviously, not every team can have a security professional on board.

          In this book, Glenn Wilson shares his layered approach to scaling and utilizing security skills across an organization: Education – Secure by design – Automation!

          DevOps articles delivered monthly.







            Ivan Krnić

            Ivan is Director of Engineering at CROZ, 🎙0800-DEVOPS podcast host and O'Reilly author contributing to "97 Things Every Cloud Engineer Should Know". His special areas of interest cover DevOps culture, sociotechnical nature of software delivery and cloud native architectures. Particularly interested in leadership and organizational change, he is helping organizations align business and tech, focus their efforts, and essentially work smarter, not harder. You can follow him on Twitter as @ikrnic.