Benjamin LiebermanSenior Solution Architect

Ben Lieberman is currently a Senior Solution Architect in the Perficient Inc., DevOps delivery group. Dr. Lieberman has over twenty years of software and systems development experience across a wide range of industries, including financial, government, telecommunications, life sciences, travel services, and space launch systems. He is highly experienced on multiple software development topics, including requirements analysis, system analysis and design, secure systems development, configuration management, and automated deployment (aka DevSecOps). He also has direct development experience in multiple languages including Java, C#, C++, and Salesforce (APEX) coding languages, and works directly with development teams on agile delivery practices. Dr. Lieberman is an accomplished professional writer with a book (“The Art of Software Modeling”, Auerbach Publishing, 2006) and over three dozen professional IT articles to his credit. Dr. Lieberman holds a doctorate degree in Biophysics and Genetics from the University of Colorado, Anschutz Medical Center, Denver, Colorado.

Connect with Benjamin

Blogs from this Author

Canary

DevSecOps – Canary Deployment Pattern

The Canary Deployment Pattern, or canary release, is a DevSecOps deployment strategy that minimizes risk by targeting a limited audience.  As with all deployment patterns, the goal is to introduce the newly deployed system to the users with as least risk and in as secure a manner as possible.  As noted below, the motivation of […]

Network Connection Technology

DevSecOps Best Practices – Automated Compliance

Secure software practices are at the heart of all system development; doubly so for highly regulated industries such as health-care providers.  Multiple regulatory controls are required for the custodianship of patient and customer data, creation of secure software systems, governance of development environments, and ensuring proper management of audit information. As a best-practice it is […]

Network Connection Technology

DevSecOps – Blue/Green Deployment Pattern

Blue/Green Deployment Pattern The goal of any software development program is to release system changes into production.  There are many ways to safely and securely deploy software into a production environment.  In most cases these patterns follow a similar strategy of limiting exposure of the released software changes to the overall user audience.  This is […]

Security Policy and Development

Understanding Security Policies for Development

Secure Software Development Understanding security policies and how they apply to development practices is key to delivery of secure software.  Unfortunately, most development teams do not have a clear understanding of security implementation.  This may be due to several factors, but a common theme is that security professionals speak a different ‘language’ from developers (i.e. […]

Security Threat Assessment Modeling

Security threat assessment models are an important tool of an overall security and compliance program.  In order to create an effective set of security policies, it is necessary to understand the types of threats, their likelihood of occurrence, the impact of a breach/incident, and how the business can mitigate or control against these threats.  There […]

Security Incident Management

Security Incident Management Incident Management can be defined as “effectively managing unexpected disruptive events with the objective of minimizing impacts and restoring normal operations” (1). For security-related incidents involves all of the steps prior, during, and subsequent to an information security incident.  This may have consequences far beyond the restoration of normal service.  For example, […]

blockchain-strategy-meeting

DevSecOps Release – Product Owner

The Product Owner plays a particularly important role in DevSecOps and release coordination. In this final blog post on DevSecOps and release coordination, we will explore the Product Owner persona. So far we have met the Release Coordinator, Security Architect, and the Operations Coordinator.  Together with these other three key members of the release team, the […]

reference architecture

DevSecOps – Reference Architecture

DevSecOps Reference Architecture When approaching a complex DevSecOps implementation, it is often useful to consider a Reference Architecture as a starting point.  As illustrated in Figure 1, the automation activities can be broken up into three major areas: Continuous Integration (CI), Continuous Deployment (CD) and Continuous Compliance (CC).  Each of these areas encompasses a separate […]

IBM Cloud Pak for Data

DevSecOps and Release – Operations Coordinator

The Operations Coordinator plays a key role in DevSecOps.  In my previous post, DevSecOps and Release Coordination, I introduced the idea of four key responsibilities in the DevSecOps mediated release management process. The idea is to consolidate the validation and approval steps from a “gated” process involving many approvers, and shift the actual work of […]

DevSecOps and Release – Security Architect

In my previous post, DevSecOps and Release Coordination, I introduced the idea of four key players in the DevSecOps mediated release management process. The idea is to consolidate the validation and approval steps from a “gated” process, and shift the actual work of validation earlier in development. In this post, we will explore the role […]

Secure Software Release Coordination

The ultimate goal of all software development is the secure software release of the system to a user-accessible production environment. However, the road from code to production is often a long and perilous one. To reduce the apparent risk associated with a production release, many organizations place “gates” at various points along the release path. […]

Cloud Resource Security – Shared Responsibility Model

In my previous post on Cloud Resources – Policy and Practice, I referenced the “shared security model” adopted by all cloud providers. In this post, we will dive deeper into the differences and consequences of sharing the responsibility for securing computing resources, applications, data, and networks. Whether your organization is extending into cloud-based resources or […]

Load More