Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
DevSecOps shifts security practices left and assures earlier that your application isn't vulnerable to breaches. But convincing a security group to get on board with your DevSecOps journey may not be an easy task. These four points can help you prove to your security group that DevSecOps is in everyone’s best interest.
Negative feedback has the greatest potential to help people change in areas that can have a lasting impact. But sharing negative experiences and criticism can often be a challenge and may cause more harm than good. Here are six tips for sharing negative experiences effectively and building trust along the way.
For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.
Organizations struggling to see tangible benefits after adopting DevOps practices often have only slapped together a few tools instead of making the required changes. Many aren’t really embracing DevOps at all. Here are three signs to help you determine if your organization isn’t quite ready yet to practice DevOps.
Threat modeling helps you determine where to focus your security testing efforts when building your app. But people often wonder how it can fit into their existing agile software development process. Here are three things you can do to integrate threat modeling into your agile workflow, either early on or mid-project.
Successful agile coaching requires a combination of experience, knowledge, and soft skills to help organizations build competence, sustainability, and performance in their agile practices. But it's not all up to the coach. There are a few things you can do to ensure your coaching engagement is set up for success.
Many software organizations are overwhelmed with a laundry list of vulnerabilities. They often have no idea where to start, how to determine prioritization, and whether or not those vulnerabilities accurately represent the threats to our applications, users, and data. Threat modeling is a simple yet effective solution.