Discussing DevSecOps with DevOps Institute Global Ambassador, Mark Peters

DevOps Institute Ambassadors are volunteers from across the globe that want to help advance the career opportunities in IT and support emerging practices within the DevOps community based on a human-centered SKIL Framework, consisting of Skills, Knowledge, Ideas, and Learning.

These individuals are advocates for the “Humans of DevOps” and are industry pioneers who are passionate about the DevOps movement, are recognized DevOps subject matter experts and who voluntarily contribute to the Collective Body of Knowledge (CBok) of DevOps.

This week, we are proud to feature an Ambassador from Texas, USA, Mark Peters, a cybersecurity and DevSecOps student and advocate.

Below, we asked Mark a few questions about the evolution of DevSecOps, who has inspired him and the skills he finds the most important in his line of work. He also provides great insight for those starting a career in tech.

Mark works in cybersecurity as the Information Assurance Lead/Security Engineer at Technica Corporation supporting a US Air Force cyber weapon system. He’s an agile leader, DevOps integrator, authored ‘Cashing in on Cyberpower’ and draws heavily from his twenty-two years serving in the US AIr Force. He’s a speaker, mentor, trainer and coach.

(You can connect with Mark directly via Twitter at @TinyCyber or LinkedIn).

Q: How has cybersecurity and DevSecOps changed over the course of your career?

I have always been a planner, especially in the Air Force. One of the goals in leadership is taking small pieces and making them all fit together. As an intelligence professional, we had to develop new products, check security and make sure the proposed products supported the operational team. The models were not exactly the same as they are now but I see a lot of the same thoughts and ideas in the process. During my first real exposure to cybersecurity, I ran classified networks for the U.S. Air Force in Germany. The task was modeling new user requirements for the operational field against required security while working new components into the system. However, before that, I managed a mobile network for an F-16 squadron, then after Germany, I drafted cybersecurity practices for acquisition models, then ran various cyber operations. You could say I had a full scope exposure from the government perspective but I am really enjoying learning more about the commercial side.

Cybersecurity has changed greatly. Every day brings new technical challenges, the goal should be to recognize that it is the culture and the interactions that improve our security posture more than making a technical fix. We need to continue to view our security through our risk, recognizing where a change should be made rather than jumping to the next shiny object.

Q: Tell a story about someone who inspired you to become a leader.

Over the course of many years, there are many people who have inspired me to be better, to learn more, and to continue the process. Some days are always more challenging than others and those around you, as part of your team, are the ones who bring you through. I don’t think that there is anyone I have ever worked for or with who has not changed the way I try to conduct myself as a leader.

The most important person who inspires me daily to continue as a leader is my spouse. She puts up with my rants about different types of technology, helps me walk through ideas, and patiently endures reading everything I write, usually multiple times. Her own work deals primarily with non-profit charities, helping others, and her patience inspires me to continue moving forward in technology. Without her, I would definitely not be the leader and person I am today.

Q: In your opinion, what skills are most important in your line of work today, and why?

The most important skills are to be curious and flexible. New technology can be learned and new models can be integrated. Starting from an intelligence background with the Air Force, I use a standard framework to get through most problems. It consists of about six items, some recursive and describes the framework for curiosity:

1. How do you know?
2. If number one is true, what do I see next?
3. Are the premises around number one true?
4. Do my conclusions naturally follow from the premises?
5. Are there any assumptions I have to make for the premise to be true/
6. Apples to apples not apples to elephants?

The same applies to DevSecOps problems when something occurs, something breaks, or someone comes into your office frantically, the first question is always how do you know? What evidence can you give me to describe the problem? Then you just work through the rest of the chain. If you can be curious and flexible, you can adapt to new technology as it occurs. I am always reading, and always asking questions. People tend to have a fear of asking questions, especially in technology because they do not want to appear to lack understanding. The whole reason for the number of conferences, Youtube videos, and even the DevOps Institute communities are to provide a useful place to ask questions and work through problems.

Q: What’s one piece of advice you would give someone starting their career in tech?

This goes back to the previous question. The best advice I can give someone is to ask questions. Talk to people, explore things that interest you, and explore topics that do not initially interest you. Sometimes those exploration paths lead to interesting topics further down the trail.

DevOps Institute is dedicated to advancing the human elements of DevOps success through the SKIL Framework: Skills, Knowledge, Ideas, and Learning. Learn more.

This blog was originally posted on DevOpsInstitute.com.