Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
When practicing DevOps, how should you include security? What's the best way to build security into an existing continuous integration, continuous delivery, and continuous deployment pipeline? Let’s take a look at five essential features of successful DevSecOps pipelines and analyze where security can benefit most.
Successful agile teams often have a coach driving continuous improvement. While some coaches are effective initially, many eventually succumb to pitfalls that inhibit their team’s growth and fail to compel any lasting changes. Here are five common pitfalls of agile coaches in most projects that fail to improve.
Many DevOps engineers fail to test their automation code in the same way they test the software they deploy. It's crucial for software to have tests, and this should apply to infrastructure-as-code software too, if we plan to change and improve this code with no worries about breaking automation in our DevOps pipeline.
One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. However, many fail to include quality components in their practices. Continuous deployment without quality is just delivering continuous bugs. Here's why software testing is an essential part of DevOps.
In traditional agile approaches, retrospectives are valuable to team improvement. However, when teams encounter organizational issues beyond their control, such as project structure, interorganizational communication, or resources, it's more difficult. Here's how to expand continuous improvement to the whole company.
The Equifax cyber security breach compromised millions of people's confidential information. If you’re worried about how you can prevent an IT disaster of this scale at your own organization, there is an answer: DevSecOps, which incorporates security into DevOps practices to ensure weaknesses are exposed early on.
Many organizations turning to agile believe it means you don't have to do any planning. This couldn't be further from the truth. A healthy agile team does just as much (if not more) planning than a team using a waterfall methodology. Preparing and setting goals sets up the team for a more successful agile adoption.