Bill Mann Chats about DevSecOps and Balancing Speed and Security

TechSpective Podcast Episode 092

 

CISOs are tasked with a balancing act that is often difficult to achieve–delivering quality apps quickly without sacrificing security. Traditionally, organizations tend to lean toward the speed to market side of that equation at the expense of security, but the attack surface and threat landscape continue to expand and organizations are more aware of the security risks they face. They are also aware of the business and financial consequences of failing at cybersecurity.

Bill Mann, CEO of Styra, joins me on this episode of the TechSpective Podcast to talk about this challenge. Mann stresses that one of the keys to managing the balance is automation and DevSecOps. The cycle of continuous integration and continuous deployment provides a quick feedback loop and offers developers the opportunity to quickly address issues and resolve any identified security concerns in days or even hours rather than weeks or months.

We also chat about Styra’s open source project–Open Policy Agent–and security concerns around open-source applications and code. The theory suggests that open-source code is more secure because anyone can view it so it has more eyeballs scrutinizing it, but that assumes that there are people identifying and resolving issues even though nobody is technically “responsible” for doing so.

Check out the full episode for more about some of the issues and challenges organizations face, and how automating policy management and enforcement, along with other automation and DevSecOps practices can help organizations ensure they get apps to market quickly while ensuring they’re secure at the same time.

The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer:

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
Related Post