Manage episode 267962826 series 2621695
Security teams often adopt an untrusting and policing approach to development, creating confrontational relationships that only increase risk. For many companies, this culture of gatekeeping prevents the adoption of DevSecOps practices. But now the data is out! Having used agile practices to integrate DevSecOps into Comcast’s development cycle, Larry Maccherone has shown that DevSpecOps significantly reduces risk. On today’s episode, our conversation with Larry focuses on his experience transforming Comcast’s development team. We open by talking about Larry’s career and how he’s learned the importance of visualizing data in order to explain his research. Larry shares the pushback that he experienced from security teams when implementing DevOps practices and how getting this approach to work involved a gradual onboarding process. We discuss the challenges that arise when you follow some DevOps practices but not others before diving into Larry’s research. Despite having results that prove the value of DevSecOps, Larry talks about the unique problem that, “You’re never a prophet in your own town,” meaning that people often fail to recognize innovation when it is developed in-house. Near the end of the episode, Larry talks about cloud tech before giving advice on taking your security to the next level. An episode filled with insights, tune in to it and learn how you can transform your dev team.