Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
DevSecOps means more secure applications through greater collaboration. However, many organizations hold preconceived notions and misconceptions about what DevSecOps is and why their organizations will face challenges in adopting it. Here are four common myths about DevSecOps transformation, along with the truth.
One of the most common complaints of any software team during a retrospective is the issue of too many meetings. Agile ceremonies can provide a lot of value to the team, but only when they're done correctly. Here are four ways to get the most out of meetings, avoid wasting time, and gain value for everyone involved.
DevSecOps shifts security practices left and provides earlier assurance that your application isn't vulnerable to breaches. But convincing a security group to get on board with your DevSecOps journey may not be an easy task. These four points can help you prove to your security group that DevSecOps is in everyone’s best interest.
Negative feedback has the greatest potential to help people change in areas that can have a lasting impact. But sharing negative experiences and criticism can often be a challenge and may cause more harm than good. Here are six tips for sharing negative experiences effectively and building trust along the way.
For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.
Organizations struggling to see tangible benefits after adopting DevOps practices often have only slapped together a few tools instead of making the required changes. Many aren’t really embracing DevOps at all. Here are three signs to help you determine if your organization isn’t quite ready yet to practice DevOps.
Threat modeling helps you determine where to focus your security testing efforts when building your app. But people often wonder how it can fit into their existing agile software development process. Here are three things you can do to integrate threat modeling into your agile workflow, either early on or mid-project.