
EP15: DevSecOps Personas
Explicit content warning
10/25/21 • 53 min
In this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas.
DevSecOps Personas – what Developers, Security, and Operations think about people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams has different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successful if the people and culture (and heart) are not in it. So let’s share what we’ve seen from 100s of company interactions, understand better where everyone is coming from, and how to approach a DevSecOps program that can move the needle like Marty McFly playing Doc Brown’s guitar. We’d love this to be interactive, so bring your stories and questions.
Gary Robinson has been working in software and cyber security for 20+ years, as a coder, pen tester, consultant, Security Architect at Citi, Global Board member at OWASP, and heading up Uleska to focus on DevSecOps for the last 5 years. Gary’s focused on the people, process, technology, and culture aspect of DevSecOps – as someone who’s worked in all three spaces during his time – and what drivers, blockers, etc each experience with ‘DevSecOps’, ‘shift-left’, ‘secure by design’, and the rest.
Ed Tucker is an exceptional Cyber Security leader, with extensive knowledge across most sectors, as a defender, vendor, consultant and founder. He was the 2017 European Chief Information Security Officer of the Year, UK Security Professional of the Year, and Security Leader of the Year and has been globally recognised for his vision and delivery.
Your Hosts
Steve Giguere: https://www.linkedin.com/in/stevegiguere/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
DevSecOps - London Gathering
Keep in touch with our events associated with this podcast.
- https://www.meetup.com/DevSecOps-London-Gathering/
- https://twitter.com/DevSecOps_LG
- https://www.youtube.com/c/DevSecOpsLondonGathering
Previous Episode

EP14: Threat Modeling - A Manifesto And Some Code
Threat Modeling: Why we think it matters for you, and how you can implement it in your organization.
Modeling: How to model your system in an expressive way.
Eliciting threats: What are some of the major approaches in use and how can it be done closer to the developer and at Agile speed.
Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo.
Guest Speakers
Matthew Coles (he/him) is a security professional focused on the security of physical devices and the ecosystems and processes that enable them to operate. He has an MSc in Computer Science from Worcester Polytechnic University (USA), and maintains a CSSLP certification.
https://www.linkedin.com/in/matthew-coles-4330652/
Izar Tarandach (he/him) has peeked and poked at security from various sides over the last couple of decades, currently focusing on modern SDLCs and how AppSec extrapolates onto the larger scheme of Security. He has an MSc in Computer Science/Security from Boston University (USA).
https://www.linkedin.com/in/izartarandach/
Izar and Matt have collaborated on security techniques and training for the past 10 years. They co-authored a book on Threat Modeling, are founding members of the Threat Modeling Manifesto, and created and maintain an open source threat modeling automation system, pytm.
Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
DevSecOps - London Gathering
Keep in touch with our events associated with this podcast.
- https://www.meetup.com/DevSecOps-London-Gathering/
- https://twitter.com/DevSecOps_LG
- https://www.youtube.com/c/DevSecOpsLondonGathering
Next Episode

EP:16 Breaking down silos with Stefania Chaplin
In this episode, Steve and Glenn are joined by Stefania Chaplin to talk about breaking down silos.
Bio
Stefania Chaplin’s experience within Cybersecurity, DevSecOps and OSS governance means she's helped countless organisations understand and implement security throughout their SDLC. As a Python developer at heart, Stefania is always optimising and improving efficiency wherever she goes by scripting & automating processes and creating integrations. Stefania is passionate about DevSecOps and cybersecurity, having spoken at many conferences including RSA Conference, ADDO, OWASP, JavaZone, Women of Silicon Roundabout, Women in DevOps, DZone and many more. She is also an active member of OWASP DevSlop, hosting their technical shows.
You can reach Stefania on Twitter, Instagram, and YouTube with the handle @devstefops, or on LinkedIn https://www.linkedin.com/in/stefania-chaplin.
Useful links
Deming's 14 points: https://deming.org/explore/fourteen-points/
Your Hosts
Steve Giguere: https://www.linkedin.com/in/stevegiguere/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
DevSecOps - London Gathering
Keep in touch with our events associated with this podcast.
- https://dsolg.com
- https://www.meetup.com/DevSecOps-London-Gathering/
- https://twitter.com/DevSecOps_LG
- https://www.youtube.com/c/DevSecOpsLondonGathering