Author Archives: Daniel Blander

About Daniel Blander

Information Security consultant who has spent twenty plus years listening, discussing, designing, and creating solutions that fit the requirements presented. President, Techtonica, Inc.

DevOps is dead, long live Dev!

Yes, it’s hyperbole.  But the headline is important.  In 2020 I still encounter companies who are moving into cloud, yet are immovable mired in their traditional way of doing IT.  They are somehow convinced that a group of infrastructure folks … Continue reading

Posted in DevOps, DevSecOps, Uncategorized | Leave a comment

I Love the Subject of Change Control

I love it not because it is wrapped in complexity, but for quite the opposite reason; it is (and should be) a perfect case of simplicity. Let me explain why with a quick story of bad change control. I watched … Continue reading

Posted in Uncategorized | Leave a comment

Unicorns (and how the Gene Kim challenges us yet again…)

I had the opportunity to read Gene’s new book The Unicorn Project last month. Like the Phoenix Project, I was riveted – nearly missing my tube stops on the way to work. My distractions came from usually as a result … Continue reading

Posted in Uncategorized | Leave a comment

Where should the CSO Report?

I was recently asked the question, “Where does Security belong in an organization?” It is an intriguing question, and one that I think about quite often.  Currently most CSOs report to the CIO or CTO.  In a few, rare cases, … Continue reading

Posted in Uncategorized | Leave a comment

The Three Phases to DevOps in Security

The Three Phases to DevOps in Security Many of those who aspire to create a high-performing security function within a company are looking at DevSecOps and what it represents.  This is laudable, as the concepts that are represented in DevSecOps … Continue reading

Posted in CISO, CSO, DevOps, DevSecOps | Leave a comment

Glass Houses…and Music Majors

First, a disclaimer…this post is *not* about bashing or ranting about Equifax’s security practices. Why? Because I do not have first hand knowledge of what they did or did not do, or what specific exploits and vulnerabilities were leveraged throughout … Continue reading

Posted in Uncategorized | Leave a comment

Shifting the Conversation (An SDLC Story)

I’d like to tell a story (a mostly real one) that can help you think through how to make your DevOps transition a little smoother, level set some over-exuberance, and ensure everyone feels they are getting a fair shake in … Continue reading

Posted in Uncategorized | Leave a comment

Random Favorite Quotes

The following are quotes or paraphrased notes taken from talks I have seen, podcasts, or general conversations with people I know.  If you feel you didn’t say these words, or wish to correct them, just contact me. ——— Microsoft gets … Continue reading

Posted in Uncategorized | Leave a comment

The Legacy of Controls (A DevOps Story)

I recently had a pair of encounters that have opened my eyes further to both the causes of our current messy state of IT affairs, and given me hope for a better future.  In both cases the issue that came … Continue reading

Posted in Uncategorized | Leave a comment

Velocity vs. Anti-Velocity

No, its not the new anti-matter, or maybe it is. I’ve watched IT organizations now for 26 years.  The sadness I feel is that I’ve continuously seen the same downward spiral: Failures are reacted to as a only that – … Continue reading

Posted in IT Governance | Leave a comment