DevSecOps: Catching Fire
In DevOps, those who can’t keep pace are often left behind. For many people
leading DevOps initiatives over the past few years, this led to a painful
choice of leaving security by the wayside. Many Waterfall-native approaches
to security could not keep pace with their new DevOps-native requirements and
they were shunned.
Gene Kim and Josh Corman first sounded the death knell for security as we
knew it during their 2012 RSA presentation, Security Is Dead. Long Live
DevOps: IT at Ludicrous Speed. However, as with so many things in our world,
necessity is the mother of invention. Leaving security out of the DevOps
toolchain was not an option for some and unimaginable for others.
Fast forward four years and things have changed dramatically. We are on the
cusp of a new era of security that lives at ludicrous speed. Software-defined
security is c... (more)
Ed was demoralized. He had just heard a speaker who would change his life. He
knew he needed to change, and he knew what the end goal was. He just didn't
know how to get there. He needed fresh air. He needed endorphins. What better
way to do that than go on a 6-hour run through some of the seedier
neighborhoods of Vegas to the edge of the desert.
Ed Ruiz (@eruiz06) is the Senior Director of IT for the Association of
Schools and Programs of Public Health (ASPPH), and I heard him share lessons
learned from his conversion to DevOps during the marathon All Day DevOps
Conference (fre... (more)
In September 2014, Apple made encryption default with the introduction of the
iPhone 6. Then, in February 2016, a Los Angeles judge issued an order to
Apple to help break into the encrypted iPhone belonging to a terrorist
involved in a mass shooting.
Apple had used some of the strongest encryption technologies and practices to
protect its users and their data. The encryption technology did not
discriminate between lawful and unlawful users. While there were many sides
to this issue, it surfaced many important debates on security, privacy, and
civil rights.
Peekaboo
For develope... (more)
Automated Publishing
As a long time Java developer, I've always depended on the Maven build
process to automatically publish my artifacts to a Nexus Repository Manager.
This automated process was made possible thanks to some very useful plugins -
specifically, the Maven plugin for Nexus staging and the Maven Deploy
plugin. Both made publishing of artifacts to Nexus Repository Managers
remarkably simple as the final step of a Maven build.
Introducing the Nexus Jenkins Plugin
However, in today's continuous-everything world, build processes are
increasingly complicated and resemble... (more)
As a long time Java developer, I've always depended on the Maven build
process to automatically publish my artifacts to a Nexus Repository Manager.
This automated process was made possible thanks to some very useful plugins
- specifically, the Maven plugin for Nexus staging and the Maven Deploy
plugin. Both made publishing of artifacts to Nexus Repository Managers
remarkably simple as the final step of a Maven build.
Introducing the Nexus Jenkins Plugin
However, in today's continuous-everything world, build processes are
increasingly complicated and resemble a highly dynamic su... (more)
In 2015, Derek Weeks led the largest and most comprehensive analysis of software supply chain practices to date across 160,000 development organizations. He is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce costs, and sustain long-lasting competitive advantages.
Jordan Shamir
Tracy Bannon
Lev Lesokhin
Nishanth Kadiyala
Arvind Radhakrishnen
Deven Samant
Guy Salton
Mark Troester
Noelani McGadden
Don Demcsak
Bart Driscoll
