In case you missed it, Jeff Gallimore, Excella’s Chief Technology and Innovation Officer, joined long-time govtech reporter John Gilroy on the Federal Tech Podcast recently to discuss the latest in security and software development.
John Gilroy, managing partner of the Oakmont Group, is the host of the Federal Tech Podcast and meets weekly with industry leaders to discuss all things related to federal IT. With Jeff’s background in DevOps and coding coupled with his managerial experience, it was the perfect opportunity to address today’s most pressing trends in technology and the shift left.
While sitting down over some ribs and sandwiches at Monk’s BBQ in downtown Purcellville, VA, Jeff and John dissected an array of topics from DevOps versus DevSecOps to automation and the future of data security. Here are just some of the highlights from their in-depth discussion:
Security as a Priority
With security top of mind across every industry, it begs the question of how organizations can prioritize it without compromising other crucial factors such as operational stability and reliability. While Jeff places high value on security, he notes that it is a matter of figuring out what to prioritize and finding a balance so that systems are not left to fail if security measures do.
“I think for each organization and maybe even each team, they need to find the right balance or the right integration of all of the things that are important,” said Jeff. One often overlooked means of striking the right balance among features and ensuring that each piece is operating properly is to shift left security.
The Shift Left
Traditional production processes for software and other tech products are not cutting it. Typically, security teams apply tests and measures to software once it has been produced. Not only is this time-consuming and costly, but it delays project timelines as problems are not detected until the final stages. To shift left is to integrate security concerns and requirements as early in the process as possible. With security counterparts involved in the production of the technology and throughout the entire process, teams can save themselves invaluable time and incorporate security measures from the start. This is especially important in modern software development and the application of Agile and DevOps.
Meeting the Mission with DevOps, Automation, and Simplified Acquisition
Jeff spent his early career working on DevOps and now also works with the related practice of DevSecOps, so John asked for Jeff’s take on the two approaches. Rather than choosing one over the other, Jeff instead advocated for selecting the approach that helps organizations win and pushes people to find joy in their work. He recommended organizations pay less attention to terminology and focus on the outcome and the best method to achieve that instead.
While DevOps and DevSecOps can help an organization transform their process, automation can be important as well. Automation is a hot topic in technology because it assists companies in their goal to prioritize security. It plays a huge role in improving security outcomes because it saves time and work by running the vulnerability checks, traditionally among the final steps, throughout the process. Jeff likes to say that automation is a way for organizations to “bake” security tools into the production process, which allows them to shift left easily.
Modern software based on these approaches, which is constantly updated with features and additional security protocols, requires an equally modern procurement process. Current procurement processes are simply not built for today’s software and the services that continually monitor and secure that software. Jeff discussed a number of ways procurement teams can reconsider and simplify software acquisition for the benefit of users and organizations’ security overall.
The security industry is constantly evolving and things are only getting more complex. Teams need to learn to operate in a rapidly changing environment as speed and complexity make everything more difficult to manage. Organizations need to respond constructively to change or else they will get left behind.
With security at the forefront of organizational risk concerns, organizations need to adapt quickly and realize that there is no one-size-fits-all solution. One way to guarantee success moving forward is to focus on the people.
“You get the right group of people together with the right skills, expertise, perspective, and motivation. You’re gonna solve most of the problems just with that,” Jeff shared.
Finding the right people is the first step in finding the right solution.