Posts in: security

The Security Bottleneck

https://www.youtube.com/watch?v=FIN2lVklWlc&list=PLAdzTan_eSPRNuA52_34wh5VTBC-0Rz7U&index=7 Read more in my free book. Transcript 02 - Security 14 reasons digital transformation fails in large organizations: number two security. There's many things your security staff is gonna wanna do when it comes to making sure the software you build and run is secure. One, they're gonna need to build up a risk profile to understand the new technology you're using, the deployment frequency, all the types of risks that can occur.

Continue reading →


Is DevSecOps a Thing...? Or, What is DevSecOps?

https://www.youtube.com/watch?v=27kCIHeZtTU&list=PLAdzTan_eSPRNuA52_34wh5VTBC-0Rz7U&index=2&t=50s This is a 10 minute overview of what I think DevSecOps is, has become, etc. It was originally for an IDC Nordic conference. Here's the transcript, apologies for the time codes: Introduction - DevSecOps? Well, thanks for having me here. I've been trying to figure out what DevSecOps means for a little bit, and I think I've finally settled on three things that it is. So what I want to do is go over what those things are, and also related a little bit to what DevOps is and why it's actually kind of justified to use that infix of DevSecOps.

Continue reading →


What is DevSecOps? Part Two: Automating Verification and Guardrails

https://www.youtube.com/watch?v=K9fVZU-e2Gk&list=PLAdzTan_eSPRNuA52_34wh5VTBC-0Rz7U&index=1 What is DevSecOps? Part 02: Automating Verification and Guardrails What is DevSecOps? Here’s part two of what I think it is, actual new tools you can use when it comes to verifying/trusting what’s in your apps and putting out guardrails for developers. Plus, some repaving for you 3 R’s OGs. Check out my write-up for what the other two are, and more details. Also, here's part one. Here is the transcript:

Continue reading →


What is DevSecOps? Part One: A Secure Software Supply Chain

https://www.youtube.com/watch?v=0fRYNaeGW_k&list=PLAdzTan_eSPRNuA52_34wh5VTBC-0Rz7U&index=3 What is DevSecOps? Part One: A Secure Software Supply Chain I’ve been trying to figure out what exactly the Sec in DevSecOps is for a couple years or so, and I think I’ve got something. Three things in fact. Keep in mind that DevSecOps isn’t all of security, it’s just a small subset that focuses on the software you write and run. Anyhow, here’s the first. A “secure software supply chain.

Continue reading →


@cote@hachyderm.io, @cote@cote.io, @cote