Mario Platt on DevSecOps, Platforms, and Threat Modelling
InfoQ – Daniel Bryant
In this podcast, Mario Platt, VP Head of Information Security at CloudMargin, sat down with InfoQ podcast co-host Daniel Bryant. Topics discussed included: the differences and similarities between DevSecOps and DevOps; the role of a platform in relation to system security; and the value of threat modelling.
Key Takeaways
- DevSecOps and DevOps share many of the same goals, but using one word over the other when introducing the associated goals, principles, and practices to an organization can bring different results.
- A platform team’s main aim should be to reduce the cognitive load required from the teams that are developing software applications. Security should be baked into the platform.
- Any approach to security must be socio-technical. Recognize that people are a key part of any software system, and they often provide much of the resilience to a system.
- Threat modelling is an essential practice for all roles within a software delivery organization.
- Running game days and “red teaming” can provide valuable insight into how your systems will respond to attacks, stress, and failure.
Link: https://www.infoq.com/podcasts/devsecops-platforms-threat-modelling/