DevSecOps is such a new and evolving practice that it is helpful to hear from someone who can articulate, “Yes. DevSecOps works in theory and in practice.” In this Innovator edition, Ken D’Auria, Director of Engineering at The Hartford, describes a four-part DevSecOps evolution that may sound familiar to others building secure applications.
D’Auria’s long technology career has spanned the Petroleum Exploration, Insurance and Financial Services industries. He’s participated in the evolution and revolution of software development, including gaining an appreciation of the impact of technical debt when he led a two year effort to address Y2K. To paraphrase the words of philosophers and statesmen, “those who don’t learn from the past are doomed to repeat it.”
He has been with The Hartford since 2008, currently focusing on a DevOps Delivery Framework and DevSecOps integration strategy. With his background and depth of experience, D’Auria has unique visibility into how a working theory can become standard practice.
Generation One: Speed
D’Auria’s introduction to DevOps began a decade ago.
“Our mission was to remove noise from the developers and let them develop. The biggest noise they faced were the team-specific build processes. Every time a developer moved to another project or team, they had to learn a new method. Often developers used their own processes. Instead of collaborating, we were building the Tower of Babel.”
“For example, we did not have a standard source code repository,” D’Auria explained. “We created a homegrown build capability, automating it with scripts. We were putting our executables out on shares. That was first generation and what we considered our pre-DevOps era. We were just trying to provide some speed and standardization to the developers.”
Generation Two: Standardization
Eventually, the team built what D’Auria called a “centrally managed set of pipelines. (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: https://blog.sonatype.com/nexus-innovator-ken-dauria-proves-practice-and-theory