DJ Schleen took over the TechWell Hub for a day to discuss all things DevSecOps.
Schleen is a seasoned DevSecOps advocate at Sonatype, as well as an international speaker, instructor, and author. He encourages organizations to deeply integrate a culture of security and trust into their DevOps practices, core values, and product development journey.
“What do you see as the biggest challenges to adopting security practices into DevOps?” —@Tom Stiehm
“There are a ton of challenges to gain successful adoption,” Schleen said. “It depends on which team is trying to implement the practice.”
He said the challenges vary depending on whether the development team or the security team is driving adoption, and on the size of the company.
“The biggest challenge is to ensure everyone is comfortable with change and can communicate with candor,” he said. “Once the culture is there (or growing), the challenge is to find the best place in an automated pipeline to put security controls without sacrificing the speed of delivery and deployment.”
“One problem I have had in terms of implementing security into DevOps is getting management to buy in. What are some ways that you were able to get managers/leaders on board with making security a bigger priority when it comes to DevOps?” —@David
“That always seems like the hardest thing to do, right? I’ve been told in the past that security wasn’t a priority,” Schleen said.
However, great leaders usually have their employees’ best interests in mind: they give time and productive feedback, establish goals for their direct reports and let them run until tackled, and deliver the goals of the business.
Schleen said reasonable leaders will listen and consider the ideas and concerns of their team, and then take those ideas and seek alignment with business goals, assess risk, and come to a conclusion.
“As someone relatively new starting out in the security field and being the individual tasked with managing vulnerability and patching exceptions for both OSS and containers, where would you focus your attention?” —@David Croughwell
Schleen said that with open source software, you want to do three things:
As for containers, he recommended doing your research, and provided some resources.
Read the full takeover here, and mark your calendar to join us for the next one.