We’re excited to announce that ShiftLeft has achieved Service Organization Control 2 Type II compliance with zero exceptions. We began this compliance effort 10 months ago. Back in May 2019, we achieved SOC 2 Type I compliance. While this was an important milestone, having also obtained Type II compliant status within seven months is simply sensational.

What is Type I vs. Type II?

First, a little explanation of the difference between Type I and II is in order. Think of Type I as a snapshot in time. By achieving this, we’ve effectively demonstrated to independent auditors our ability to design and implement sound security controls and policies…


Setting up Raspbery Pi Cluster and Installing Kubernetes

Assemble Raspberry Pi Cluster

Recently I came upon OpenFaaS and was fascinated by the possibilities. With Kubernetes coming up on the horizon at work to migrate our workload to, it is also a good time to start digging into the mechanics of K8s. I just so happen to have a couple of Raspberry Pi 2s lying around and wanted to assemble 5 RPi to make a 1 master and 4 workers K8s cluster. I also had an extra Netgear 5 port gigabit switch and a 5 port USB charging hub that I could use for this cluster. …


The DevOps movement has been gaining notoriety in recent years for what appears to be the best thing that has happened to the traditional software development lifecycle. Whether this is the pinnacle of DevOps’ popularity has yet to be seen and only time will tell.

Hidden in the noise are some valid questions:

  • “How do we get started?”
  • “What is the best approach?”
  • “Where should we apply these processes/tools?”
  • “Why is this better than our current process?”

I will attempt to address some of these common questions in this article. It would take multi-volume tomes to provide sufficient coverage to…


This was originally published on my personal blog davyhua.com.

What a tangled DevOps web we’ve weaved

Too many non-DevOps talking heads have been chiming in and giving their 2 cents on what exactly DevOps is or isn’t. Let’s get something straight: I don’t consider DevOps as an official title or role. DevOps is a culmination of skills and talents in a singular embodiment; a channel to getting sh!t done. The only reason why us “DevOps” Engineers use or tolerate the term to label what we do simply because it is the easiest way to obtain universal head nods from the people in the room.

DevOps is like…

Davy Hua

Director, DevOps and ITOps @ShiftLeftInc

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store