No Retros | DevSecOps Anti-Patterns

Owen Gotimer: Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm, the CTO at Coveros. Tom, thanks for joining me today.
Tom Stiehm: Thanks for having me.
Owen Gotimer: So the anti-pattern we’re going to talk about is no retros.
Tom Stiehm: So what happens […]

What is RASP?

RASP stands for Runtime Application Self-Protection. Like IAST, it’s agent-based, so it watches your software run and tries to determine if something is attacking it. The goal of IAST is to try to determine if something’s attacking it by a certain behavior. RASP adds a layer to that by recognizing something’s attacking it […]

What is IAST?

IAST stands for Interactive Application Security Testing. The basic idea is that you have software that watches your application running, usually in a Java or .NET world that uses what’s called the profiling API, and it watches everything that happens in your application and tries to determine if that activity is somehow attacking the software. […]

Shifting Security Left: The Innovation of DevSecOps

Application security, or AppSec, is hard. For development teams, it often comes into development late in a release cycle and demands changes to the software that seem unreasonable. For the AppSec team, being introduced to a project after the application has been designed and much of the code has been written means there will be […]

Hiring for Agile Team Members

One of my colleagues recently asked me how I interview people who have agile experience listed on their resume. I gave him some pointers, and it got me started thinking, “How do I interview for Agile experience?” So, building on the thoughts I gave him, here is what I do. I start by looking at […]

No Estimates means Incremental Funding

At Agile+DevOps 2018, @ryan.ripley kicked off a UX fishbowl panel session about no estimates. To be honest, I have been skeptical about no estimates since I first heard about it. I think I have been skeptical about it for a couple of reasons, including: Committing to work and achieving it in the sprint has been […]
