Recent Posts
InfoSec Governance
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
- Where should the CSO Report? 21 October, 2019
- The Three Phases to DevOps in Security 5 December, 2018
- Glass Houses…and Music Majors 28 September, 2017
- Shifting the Conversation (An SDLC Story) 18 October, 2016
- Random Favorite Quotes 18 October, 2016
- The Legacy of Controls (A DevOps Story) 3 March, 2015
- Velocity vs. Anti-Velocity 12 February, 2015
Author Archives: Daniel Blander
DevOps is dead, long live Dev!
Yes, it’s hyperbole. But the headline is important. In 2020 I still encounter companies who are moving into cloud, yet are immovably mired in their traditional way of doing IT. They are somehow convinced that a group of infrastructure folks …
Posted in DevOps, DevSecOps, Uncategorized
I Love the Subject of Change Control
I love it not because it is wrapped in complexity, but for quite the opposite reason; it is (and should be) a perfect case of simplicity. Let me explain why with a quick story of bad change control. I watched …
Posted in Uncategorized
Unicorns (and how the Gene Kim challenges us yet again…)
I had the opportunity to read Gene’s new book The Unicorn Project last month. Like the Phoenix Project, I was riveted – nearly missing my tube stops on the way to work. My distractions came from usually as a result …
Posted in Uncategorized
Where should the CSO Report?
I was recently asked the question, “Where does Security belong in an organization?” It is an intriguing question, and one that I think about quite often. Currently most CSOs report to the CIO or CTO. In a few, rare cases, …
Posted in Uncategorized
The Three Phases to DevOps in Security
Many of those who aspire to create a high-performing security function within a company are looking at DevSecOps and what it represents. This is laudable, as the concepts that are represented in DevSecOps …
Posted in CISO, CSO, DevOps, DevSecOps
Glass Houses…and Music Majors
First, a disclaimer…this post is *not* about bashing or ranting about Equifax’s security practices. Why? Because I do not have first-hand knowledge of what they did or did not do, or what specific exploits and vulnerabilities were leveraged throughout …
Posted in Uncategorized
Shifting the Conversation (An SDLC Story)
I’d like to tell a story (a mostly real one) that can help you think through how to make your DevOps transition a little smoother, level set some over-exuberance, and ensure everyone feels they are getting a fair shake in …
Posted in Uncategorized
Random Favorite Quotes
The following are quotes or paraphrased notes taken from talks I have seen, podcasts, or general conversations with people I know. If you feel you didn’t say these words, or wish to correct them, just contact me. ——— Microsoft gets …
Posted in Uncategorized
The Legacy of Controls (A DevOps Story)
I recently had a pair of encounters that have opened my eyes further to both the causes of our current messy state of IT affairs, and given me hope for a better future. In both cases the issue that came …
Posted in Uncategorized
Velocity vs. Anti-Velocity
No, it’s not the new anti-matter, or maybe it is. I’ve watched IT organizations now for 26 years. The sadness I feel is that I’ve continuously seen the same downward spiral: Failures are reacted to as only that – …
Posted in IT Governance