Success Requires Reflection on DevSecOps Failures

It was just over a year ago on an extremely hot and humid day in Singapore when a group of DevSecOps nomads gathered to share our stories at DevSecOps Days. We represented Australia, Jakarta, Singapore, and the United States. The more we listened to each other speak, the more we realized that the challenges we thought we were facing individually were, in reality, shared experiences.

Little did I know that these conversations would be fruitful and eventually become a book. The best compliment? “Finally, a book that doesn’t blow sunshine up my a$$”!

As I would discover, the process of crafting a book shares parallels with a shift to DevSecOps.

Accidental Discoveries

After the microphones were turned off and the lights fell, we all headed out for a celebratory drink and got to know each other. Even though the views from the top of the Marina Bay Sands Hotel were truly epic, we decided to head to Chinatown for dinner. We explored some of the best street food that Singapore had to offer, and the best we’d ever eaten.

We sat down at a picnic table where our other friends were eating some amazing-looking Chinese cuisine. It was there that Stefan Streichsbier, Edwin Kwan, Fabian Lim, and I continued our discussion of how challenging it was to start the journey on the road of DevSecOps adoption. We shared many horror stories. We had all experienced some massively epic failures. Epic Failures of DevSecOps.

I can’t recall exactly which one of us mentioned that we should write a book about our experiences, but I clearly remember Sonatype’s Mark Miller coming over to us after overhearing our conversation and quickly saying “I can make that happen.”

…and he sure did.

Herding Cats and Crowdsourcing

There are so (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by DJ Schleen. Read the original post at:

DJ Schleen

DJ is a seasoned DevSecOps advocate at Sonatype and provides thought leadership to organizations looking to integrate security into their DevOps practices. He comes from a practitioner background and specializes in architecting DevSecOps pipelines, automating security in DevOps environments, and breaking down organizational silos that inhibit the delivery of safer software. DJ has worked to streamline development pipelines and practices for many Fortune 100 organizations by focusing on culture and technique. He uses this expertise to surface the right technology to serve business goals and support outcomes. He is an international speaker, blogger, instructor and author in the DevSecOps community where he encourages organizations to deeply integrate a culture of security and trust into their core values and product development journey.