Automation for Automation – An Executable Framework for DevSecOps In an age where automated Continuous Integration and Continuous Delivery (CI/CD) is becoming more and more critical to the success of any organization, why are we still building our DevSecOps environments by hand? Instead why don’t we leverage automation for our automation? DevSecOps support teams are […]
Benjamin Lieberman –
Ben Lieberman is currently a Director in the Perficient Inc., Custom Development and DevSecOps (CDDO) delivery group. Dr. Lieberman has over twenty five years of software and systems development experience across a wide range of industries, including financial, government, telecommunications, life sciences, travel services, and space launch systems. He is highly experienced on multiple software development topics, including requirements analysis, system analysis and design, secure systems development, configuration management, and automated build/deployment (aka DevSecOps). He also has direct development experience in multiple languages including Python, Java, C#, C++, and Salesforce (APEX) coding languages, and works directly with development teams on agile delivery practices. Dr. Lieberman is an accomplished professional writer with a book (“The Art of Software Modeling”, Auerbach Publishing) and over three dozen professional IT articles to his credit. Dr. Lieberman holds a doctorate degree in Biophysics and Genetics from the University of Colorado, Anschutz Medical Center, Denver, Colorado.
Connect with Benjamin
Blogs from this Author
Using Ansible URI module with SonarQube tokens
RedHat Ansible is a very flexible configuration management tool that comes with a variety of built in modules. One of these modules, ansible.builtin.uri, is provided as an alternative to using “curl” commands through the ansible.builtin.shell or ansible.builtin.command modules. However, the module documentation does not provide a specific example of how to use the URI module […]
Software Attack Surface Analysis
All software systems exist in an insecure state, which creates the need for a way to conduct software attack surface analysis. This is because any useful system must connect in some way with the outside world and therefore contains at least one point of interaction with that world. These communication paths accept data / instructions […]
GitHub Code Migration Using DevOps Automation
Migration from one code management system to another is a non-trivial exercise. Most of the time the team wishes to maintain code history, branch structure, team permissions, and integrations. This blog post investigates one such migration from Bitbucket to GitHub for a large health maintenance organization. Due to growth and acquisition over time, the organization […]
DevSecOps – Canary Deployment Pattern
The Canary Deployment Pattern, or canary release, is a DevSecOps deployment strategy that minimizes risk by targeting a limited audience. As with all deployment patterns, the goal is to introduce the newly deployed system to the users with as least risk and in as secure a manner as possible. As noted below, the motivation of […]
DevSecOps Best Practices – Automated Compliance
Secure software practices are at the heart of all system development; doubly so for highly regulated industries such as health-care providers. Multiple regulatory controls are required for the custodianship of patient and customer data, creation of secure software systems, governance of development environments, and ensuring proper management of audit information. As a best-practice it is […]
DevSecOps – Blue/Green Deployment Pattern
Blue/Green Deployment Pattern The goal of any software development program is to release system changes into production. There are many ways to safely and securely deploy software into a production environment. In most cases these patterns follow a similar strategy of limiting exposure of the released software changes to the overall user audience. This is […]
Understanding Security Policies for Development
Secure Software Development Understanding security policies and how they apply to development practices is key to delivery of secure software. Unfortunately, most development teams do not have a clear understanding of security implementation. This may be due to several factors, but a common theme is that security professionals speak a different ‘language’ from developers (i.e. […]
Security Threat Assessment Modeling
Security threat assessment models are an important tool of an overall security and compliance program. In order to create an effective set of security policies, it is necessary to understand the types of threats, their likelihood of occurrence, the impact of a breach/incident, and how the business can mitigate or control against these threats. There […]
Security Incident Management
Security Incident Management Incident Management can be defined as “effectively managing unexpected disruptive events with the objective of minimizing impacts and restoring normal operations” (1). For security-related incidents involves all of the steps prior, during, and subsequent to an information security incident. This may have consequences far beyond the restoration of normal service. For example, […]
DevSecOps Release – Product Owner
The Product Owner plays a particularly important role in DevSecOps and release coordination. In this final blog post on DevSecOps and release coordination, we will explore the Product Owner persona. So far we have met the Release Coordinator, Security Architect, and the Operations Coordinator. Together with these other three key members of the release team, the […]
DevSecOps – Reference Architecture
DevSecOps Reference Architecture When approaching a complex DevSecOps implementation, it is often useful to consider a Reference Architecture as a starting point. As illustrated in Figure 1, the automation activities can be broken up into three major areas: Continuous Integration (CI), Continuous Deployment (CD) and Continuous Compliance (CC). Each of these areas encompasses a separate […]