DevSecOps Learning with DevOps Institute Global Ambassador, Shlomo Bielak
DevOps Institute Ambassadors are volunteers from across the globe who want to help advance the career opportunities in IT and support emerging practices within the DevOps community based on a human-centered SKIL Framework, consisting of Skills, Knowledge, Ideas, and Learning.
These individuals are advocates for the “Humans of DevOps” and are industry pioneers who are passionate about the DevOps movement, are recognized DevOps subject matter experts, and who voluntarily contribute to the Collaborative Body of Knowledge (CBok) of DevOps.
In the spirit of September’s SKILup Day theme, we are featuring ambassadors who are proficient in DevSecOps. We are proud to feature an Ambassador from Canada, Shlomo Bielak, CTO at Benchmark Corp.
Below, we asked Shlomo to share insights around DevSecOps, as well as personal goals and unique learning moments.
Shlomo is focused on supporting the practical side of DevSecOps which stems from his engineering and enterprise architecture background. He was previously a global head of Site Reliability Engineering and Application Security as a CISO for a Fortune 500. He is also the creator of Governance Engineering which is published in one of his whitepapers on DevGovOps. Shlomo has also worked with niche companies in the container space to publish two case studies showing how a large corporation can modernize its applications using containers and microservices in the cloud while supporting PCI compliance using CD pipelines.
Shlomo participates heavily in the conference scene which includes keynotes in; Atlanta, San Francisco, New York City, Toronto, Niagara-on-the-Lake, and New Orleans. Look for him in the coming months at DevOps World, All Day DevOps, Cloud Native Virtual Summit, and Unscripted for his breakout sessions. He also provides thought-leadership and product management guidance to multiple partners at their CKO/SKOs to align better with the shift-left DevOps culture. Having successfully implemented digital transformation for a fortune 500 he plans to show others how to do so practically.
He spends his time giving back to many organizations trying to advance security and technology, including:
- Continuous Delivery Foundation Ambassador — Creating content for the wider CI/CD community
2. Forbes Technology Council — Publishing leadership content on Forbes
3. CIO Association of Canada — Chair Leadership and Technology Council
4. CIO Strategy Council — Cyber Security Technology Council member developing security standards and a new standard for digital transformation
5. SiberX — Advisory board member — Sharing Cyber Security exemplars to the global market
Q: Why is DevSecOps important?
If we define what it is not it becomes useful for an organization to get security teams collaborating with a responsive operating model. DevSecOps is not a checkbox, it is not tooling, it is not a role. It helps security understand what to focus on, such as not slowing things down with their methods and toil. Meetings and gating don’t work anymore. What does? DevSecOps pushes us to fix the mode of engagement with security involved.
Q: What are the biggest obstacles to overcome when practicing DevSecOps?
Copying someone’s rearview mirror. So many organizations today implement a method that is dated and they continue down that path for a long time not realizing things are still painful. No one’s battle scars are healing. This is due to the lack of practitioners in the market that focus on methods and models. Identify the metrics you want to improve and make sure they include toil and the reduction of talent heroics.
Q: As an ambassador, what are your goals for helping to advance the humans of DevOps?
The same for any effort I work on. Share my abilities and knowledge to further those listening or wanting to improve. Giving back should be a priority for all practitioners. Our success is not proprietary. The market is under unexpected pressure and dollars spent need to be on our joint success. We cannot afford a 70–75% failure rate on digital transformation.
Q: What is the top learning moment you’ve had in the past three months?
Be sensitive to others. Providing guidance can be done without harming the existing efforts made. You never know how close the person you’re speaking to is to the problem at hand. Understand their battle scars are not healed yet and you need to carefully approach the problem with kindness and sharing. Partner, customer, provider, vendor — we are all playing our part to solve the challenge. Value their efforts and successes.
DevOps Institute has declared September as DevSecOps month! On Sept. 17 DevOps Institute hosted a SKILup Day conference dedicated to DevSecOps from a technical, process, and cultural point of view. If you missed it you can still watch all the sessions here.
Originally published at https://devopsinstitute.com.