Are You a Fool with a Tool?

I learned about Buckminster Fuller when I was frantically drawing my way through an architecture degree in college. Fuller was quite an inspirational architect and the inventor of the Geodesic dome. He had this saying that stuck in my head: "A fool with a tool still remains a fool." When ...

Introducing Docker Nancy

Nancy, on a Boat! (Announcing Nancy for Docker)

Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal ...

Security Should Stop Being a Drag

About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security vulnerability was detected by scanning tools. That statement was met with a few record scratches in the audience ...

Success Requires Reflection on DevSecOps Failures

It was just over a year ago on an extremely hot and humid day in Singapore when a group of DevSecOps nomads gathered to share our stories at DevSecOps Days. We represented Australia, Jakarta, Singapore, and the United States. The more we listened to each other speak, the more we ...

A Sort of a Homecoming – Why I Joined Sonatype

Switching employers is usually a difficult transition filled with complex emotions, fear, and anxiety. I haven't had any of these feelings as I start my journey at Sonatype. The timing is right, the culture is right, the tools are right, and I have a ton of technique to bring to ...

Security Organizations Need to Start Thinking Like Developers

Many years ago, when I was studying architecture, a professor once told the class that, as architects, if we designed a space that a contractor couldn’t fit a hammer into, our best designs would never be built. We needed to understand how our designs would ultimately be constructed in the ...