Intelligent CIO Africa Issue 19 | Page 87

TOP FIVE WAYS THAT DEVSECOPS ISN’T LIKE SPORT

Mike Bursell, Chief Security Architect, Red Hat, discusses what makes DevSecOps and sport so different – and similar.

This summer has seen the World Cup, cricket, baseball, rugby, Wimbledon – more sport around at the moment than you can shake a stick (or bat, racket or croquet mallet) at. I love watching various sports – an activity at which I excel, unlike my attempts to play most of them – and I was wondering about ways in which sport is like the software world and, more specifically, like that useful and popular process of DevOps. And it dawned on me that if there’s one thing which isn’t like sport, then it’s DevSecOps (the philosophy of integrating security practices within the DevOps process). Let me give you some examples.

1. You can’t blame the goalkeeper

Sorry to start with a very specific example but it’s one that is close to my heart, mainly because when we picked football teams at school, I was often the last one to be chosen and ended up as goalkeeper, everybody’s least favoured position. When the ball whipped or just rolled past me into the back of the net, I was always the one who was handed the blame. Not only is this terribly bad for team morale but it also shouldn’t be a reflection of how the team works.

I’m always wary of the phrase ‘with DevSecOps, security is everybody’s responsibility’, as not everybody is a security expert but everybody needs to take some responsibility for understanding the correct processes and following them and blame should certainly never be laid on just one person’s shoulders when something goes wrong. And don’t forget, with DevSecOps, you have every opportunity to fix what went wrong, to fix it quickly and put in place tests to ensure that the same vulnerability is never exposed again.

2. You don’t know who your opponent is

When you’re playing sport, it’s usually pretty clear who your opponent is, where they are and what they’re doing at any