Skip to main content

Posts

Showing posts with the label DevSecOps Engineering

DevSecOps - Identity and Access Management

Testing starts with the first line of code!   It is NOT a downstream activity. DevOps testing has a critical role to play in a Continuous Delivery Pipeline. Without integrated testing DevOps simply will not work!   With the advent of DevOps and the movement to breakdown silos between developers, QA, security, and operations, it becomes critically important that all members of an IT team - regardless of what tools they use, or role they play - understand the essentials of testing. Every member of your development team should also integrate to ensure Compliance and Audit outcomes!   It is a new world.   In this new world we can leverage from existing but must be open to walking through new doors of opportunity. Understanding traditional test strategies is helpful but when and where, and most importantly how we proceed with our test strategy must shift.   Knowing how to code is not enough, Quality Assurance in and of itself is not enough.   We cannot afford to have our product

Why I am Excited to Attend the DevSecOps Engineering Class

The opportunity exists to reinvent security and to do this we must redefine the roles and practices of security engineering. Information is available faster than the speed of your connection and cybersecurity risk is everywhere!  Empowerment to change begins with getting level set on what DevSecOps (DSOE) really is and how to move fast to get there.  That is why I am excited to attend the  DevSecOps Engineering  class and to acquire the DevSecOps Engineer certification!  Digital Transformations are not only real, they are accelerating. IT systems and software literally drive the world and that makes every business a digital tech business. Along with that is a proliferation of apps, devices and opportunities. Those opportunities are not always honorable; hackers abound. DevSecOps is a mindset that “everyone is responsible for security” with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing

Security in a DevOps Environment

Integrating Development and Operation teams as well as other functions that have previously been silo’d is key to any development project for all service providers today.   We hear a lot about this in DevOps training and certification classes.   What about security?  You may have heard the term DevSecOps.  This idea and term was coined to ensure that architects and developers include into our requirements and code those things necessary for security. Design architects will also want to ensure that security is integrated throughout the value stream of development, deployment and operations and it is done in such a way so that the complexity is as transparent as possible to the functional teams involved.   How can we do this without impeding our flow of work?    How can we still be able to meet compliance for legislative, legal or regulatory requirements relating to security? This is where Automation comes in.  Collaboration and measurement are key values but automation is also