The One About DevSecOps | Command Line Heroes
<!DOCTYPE html> <html lang="en" dir="ltr" prefix="og: https://ogp.me/ns#"> <head> <script>performance.mark('HEAD Start');</script> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>The One About DevSecOps | Command Line Heroes</title> <link rel="preconnect" href="https://static.redhat.com"> <link rel="preconnect" href="https://consent.trustarc.com"> <script id="rhdc_js_errors_js">window.sentryOnLoad=function(){Sentry.init({dsn:"https://676ea2c2d4a147c2834066d24c04a9e4@o490301.ingest.sentry.io/5370002",ignoreErrors:[],integrations:[Sentry.browserTracingIntegration()],environment:'prod',tracesSampleRate:0.75,sampleRate:0.75});};</script> <script id="rhdc_analytics_get_top_eddl_pagedata">var pageData = {"pageCategory":"command-line-heroes","pageName":"rh|command-line-heroes|season-2|the-one-about-devsecops","pageTitle":"The One About DevSecOps | Command Line Heroes","pageType":"page","pageSubType":"Branded media","siteExperience":"","siteLanguage":"en","subsection":"season-2","subsection2":"the-one-about-devsecops","subsection3":"","cms":"RH CMS 1.0","analyticsTitle":"","contentID":"309251","contentType":"","destinationURL":"https:\/\/www.redhat.com\/en\/command-line-heroes\/season-2\/the-one-about-devsecops","gated":"false","offerID":"","errorType":"","contentPublishDate":"2018-11-06","siteName":"rh","dataObject":"appEventData","taxonomyProduct":["781","781"],"taxonomyRegion":["4521"],"taxonomySubType":["107221"],"taxonomyTopic":["107341","107291","107481"],"pageStatus":"published"};</script> <script id="rhdc_analytics_get_top_eddl_js">!function(e,a){"use strict";e.appEventData=e.appEventData||[],e.pageData=e.pageData||[];var t={event:"Page Load Started",page:pageData};if(a.referrer){var r=a.createElement("a");r.href=a.referrer,t.page.previousPage=r.href}t.page.siteExperience=e.innerWidth<=768?"tablet":"desktop",appEventData.push(t)}(window,document);</script> <script id="dpal" src="https://www.redhat.com/dtm.js" 
async></script> <script id="trustarc" src="https://static.redhat.com/libs/redhat/marketing/latest/trustarc/trustarc.js" async></script> <script src="https://static.redhat.com/libs/redhat/marketing/latest/trustarc/trustecm/js/trustecm.js" data-domain="www.redhat.com" async></script> <script class="trustecm" data-src="https://static.redhat.com/libs/redhat/marketing/latest/trustarc/trustecm/js/trustecm-functional.js" data-tracker-type="functional"></script> <script class="trustecm" data-src="https://static.redhat.com/libs/redhat/marketing/latest/trustarc/trustecm/js/trustecm-advertising.js" data-tracker-type="advertising"></script> <script type="importmap">{"imports":{"@rhds/elements/":"/modules/contrib/red_hat_shared_libs/dist/rhds-elements/modules/"},"scopes":{}}</script> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","pathPrefix":"en\/","currentPath":"node\/309251","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en"},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"rh_oidc_manager":{"debug":false,"cookie_settings":{"rh_sso_session_enabled":true},"oidc_settings":{"authority":"https:\/\/sso.redhat.com\/auth\/realms\/redhat-external","client_id":"rhcom","loadUserInfo":true,"post_logout_redirect_uri":"https:\/\/www.redhat.com\/en","redirect_uri":"https:\/\/www.redhat.com\/en","scope":"openid profile_level.rh_events id.email id.idp id.job.title id.job.department id.name id.organization id.sub id.username roles api.graphql","silent_redirect_uri":"https:\/\/www.redhat.com\/en\/silent-renew.html"}},"rhdc_analytics":{"searchTerm":null},"rhdc_bulk_tagging":{"should_skip_product_primary_product_requirement":true,"field_taxonomy_product":{"add":"If there is currently no \u003Cb\u003EPrimary Product\u003C\/b\u003E value before this operation,\n a \u003Cb\u003EProduct\u003C\/b\u003E value will be chosen as the \u003Cb\u003EPrimary Product\u003C\/b\u003E.","remove":"\u003Cul\u003E\n \u003Cli\u003EIf 
removing all existing \u003Cb\u003EProduct\u003C\/b\u003E value(s), the \u003Cb\u003EPrimary Product\u003C\/b\u003E will also be removed.\u003C\/li\u003E\n \u003Cli\u003EIf not, please choose a new valid \u003Cb\u003EPrimary Product\u003C\/b\u003E in a previous operation\n before removing the \u003Cb\u003EProduct\u003C\/b\u003E.\u003C\/li\u003E\n \u003C\/ul\u003E","replace":"If the \u003Cb\u003EProduct\u003C\/b\u003E that is being replaced is the \u003Cb\u003EPrimary Product\u003C\/b\u003E,\n please change the \u003Cb\u003EPrimary Product\u003C\/b\u003E in a previous operation."},"field_taxonomy_product_primary":{"add":"The \u003Cb\u003EPrimary Product\u003C\/b\u003E that is being added must be a value of an existing \u003Cb\u003EProduct\u003C\/b\u003E value.\n If the \u003Cb\u003EPrimary Product\u003C\/b\u003E value to add is not, please add that \u003Cb\u003EProduct\u003C\/b\u003E in a previous operation.","remove":"You cannot remove the \u003Cb\u003EPrimary Product\u003C\/b\u003E. This operation will be skipped.","replace":"If the new \u003Cb\u003EPrimary Product\u003C\/b\u003E value is not an existing \u003Cb\u003EProduct\u003C\/b\u003E value,\n please add that \u003Cb\u003EProduct\u003C\/b\u003E in a previous operation."}},"rhdcCore":{"webrh":{"version":"1.209.0"}},"rhdc_style":{"flag_myrh_popover":1},"rhdc_solr_listing":{"testmode":false},"csp":{"nonce":"aI-XVYN7eKv652l9zNxJQA"},"user":{"uid":0,"permissionsHash":"925c93e5e058a38840206e2faeb20be77d5863a368189af16a0faa928225c714"}}</script> <script 
src="/rhdc/system-files/js/js_o8NShEaoNof4B_K0ELLqBNLU3LEWsLuVeGykOiply_Y.js?scope=header&delta=0&language=en&theme=rhdc&include=eJyNUUFuxDAI_FASP6KnXvsBi9hsTNcxEZCt8vuSTbRK1UN7sYGBAQYpOUVoUDejpEF-uBFzrnFkM547KZHJ0dnhCSUkQTA8YqkSNuvkbzIlr1EESeU_6SjC0ummhnMYQXEfY__jSmGqPEJ9K8Izdl84Sgn-fpTTXm7YN3jQBEbcnt2ePfqj7leg1yS0mF4AResrtKlPzHfCC3JjNpR-bfRA0ZPtsozJquZbDombujbDKdsAC3UVNl4tZtLEXr4Fbpi4dp5HtkWcR8whwXLMjTkWsJjumMnYhTcYKk3F8n6VE9UCu1lp3IXsPedUwaOOv-9jdLMzQLhR9dGHF_9rp4yLYPKj5mObTz30P0_zcr8BQH_baQ"></script> <script src="/modules/contrib/rh_oidc_manager/libraries/dist/js/index.min.js?snbk8m" type="module"></script> <script src="https://static.redhat.com/libs/@redhat/marketing/latest/rh.mktg.js" async></script> <link rel="stylesheet" media="all" href="/rhdc/system-files/css/css_arVQeEPWLwEOucKc5hfxprFtgAnMucg8ock0drVvuJ8.css?delta=0&language=en&theme=rhdc&include=eJyNUUFuxDAI_FASP6KnXvsBi9hsTNcxEZCt8vuSTbRK1UN7sYGBAQYpOUVoUDejpEF-uBFzrnFkM547KZHJ0dnhCSUkQTA8YqkSNuvkbzIlr1EESeU_6SjC0ummhnMYQXEfY__jSmGqPEJ9K8Izdl84Sgn-fpTTXm7YN3jQBEbcnt2ePfqj7leg1yS0mF4AResrtKlPzHfCC3JjNpR-bfRA0ZPtsozJquZbDombujbDKdsAC3UVNl4tZtLEXr4Fbpi4dp5HtkWcR8whwXLMjTkWsJjumMnYhTcYKk3F8n6VE9UCu1lp3IXsPedUwaOOv-9jdLMzQLhR9dGHF_9rp4yLYPKj5mObTz30P0_zcr8BQH_baQ" /> <link rel="stylesheet" media="print" href="https://static.redhat.com/libs/redhat/marketing/latest/trustarc/trustecm/css/trustecm.css" data-onload-media="all" onload="this.onload=null;this.media=this.dataset.onloadMedia" /> <link rel="stylesheet" media="all" href="/rhdc/system-files/css/css_a3QLPskX4fJfsI_q84If3Zfq1k4uww7X7wt_sMTMfWw.css?delta=2&language=en&theme=rhdc&include=eJyNUUFuxDAI_FASP6KnXvsBi9hsTNcxEZCt8vuSTbRK1UN7sYGBAQYpOUVoUDejpEF-uBFzrnFkM547KZHJ0dnhCSUkQTA8YqkSNuvkbzIlr1EESeU_6SjC0ummhnMYQXEfY__jSmGqPEJ9K8Izdl84Sgn-fpTTXm7YN3jQBEbcnt2ePfqj7leg1yS0mF4AResrtKlPzHfCC3JjNpR-bfRA0ZPtsozJquZbDombujbDKdsAC3UVNl4tZtLEXr4Fbpi4dp5HtkWcR8whwXLMjTkWsJjumMnYhTcYKk3F8n6VE9UCu1lp3IXsPedUwaOOv-9jdLMzQLhR9dGHF_9rp4yLYPKj5mObTz30P0_zcr8BQH_baQ" /> 
<link rel="stylesheet" media="print" href="https://static.redhat.com/libs/redhat/rh-iconfont/5/files/rh-web-iconfont.css" data-onload-media="all" onload="this.onload=null;this.media=this.dataset.onloadMedia" /> <link rel="stylesheet" media="all" href="/rhdc/system-files/css/css_aXsZ7vnPHVMI5sWSw2w-TjMmll_RFN0-qs1Fw_Vg7J0.css?delta=4&language=en&theme=rhdc&include=eJyNUUFuxDAI_FASP6KnXvsBi9hsTNcxEZCt8vuSTbRK1UN7sYGBAQYpOUVoUDejpEF-uBFzrnFkM547KZHJ0dnhCSUkQTA8YqkSNuvkbzIlr1EESeU_6SjC0ummhnMYQXEfY__jSmGqPEJ9K8Izdl84Sgn-fpTTXm7YN3jQBEbcnt2ePfqj7leg1yS0mF4AResrtKlPzHfCC3JjNpR-bfRA0ZPtsozJquZbDombujbDKdsAC3UVNl4tZtLEXr4Fbpi4dp5HtkWcR8whwXLMjTkWsJjumMnYhTcYKk3F8n6VE9UCu1lp3IXsPedUwaOOv-9jdLMzQLhR9dGHF_9rp4yLYPKj5mObTz30P0_zcr8BQH_baQ" /> <link rel="stylesheet" media="all" href="/rhdc/system-files/css/css_hAqzji3GTEgnsilTsrmLNQZewIpZ0l0tmwezBKzwL-I.css?delta=5&language=en&theme=rhdc&include=eJyNUUFuxDAI_FASP6KnXvsBi9hsTNcxEZCt8vuSTbRK1UN7sYGBAQYpOUVoUDejpEF-uBFzrnFkM547KZHJ0dnhCSUkQTA8YqkSNuvkbzIlr1EESeU_6SjC0ummhnMYQXEfY__jSmGqPEJ9K8Izdl84Sgn-fpTTXm7YN3jQBEbcnt2ePfqj7leg1yS0mF4AResrtKlPzHfCC3JjNpR-bfRA0ZPtsozJquZbDombujbDKdsAC3UVNl4tZtLEXr4Fbpi4dp5HtkWcR8whwXLMjTkWsJjumMnYhTcYKk3F8n6VE9UCu1lp3IXsPedUwaOOv-9jdLMzQLhR9dGHF_9rp4yLYPKj5mObTz30P0_zcr8BQH_baQ" /> <link type="text/css" href="//static.redhat.com/libs/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" /> <link type="text/css" href="/ux/webdms/css/vendors/plyr.min.css" rel="stylesheet" /> <link type="text/css" href="/ux/webdms/css/styles.min.css" rel="stylesheet" /> <link type="text/css" href="/ux/webdms/css/projects/clh-s2-episodes.min.css" rel="stylesheet" /> <link rel="preload" href="/themes/custom/rh_base_ui/src/fonts/red_hat_text/RedHatTextVFModified.woff2" as="font" type="font/woff2" crossorigin> <link rel="preload" href="/themes/custom/rh_base_ui/src/fonts/red_hat_display/RedHatDisplayVFModified.woff2" as="font" type="font/woff2" crossorigin> <script type="speculationrules">{"prerender": [{"urls": 
["/en"]}]}</script> <meta name="description" content="Security vulnerabilities are scaling—up from maybe 1 a month to hundreds each day. Command Line Heroes examines the changes needed for better security—and how automation is key to meeting the rising challenges." /> <link rel="canonical" href="https://www.redhat.com/en/command-line-heroes/season-2/the-one-about-devsecops" /> <link rel="image_src" href="https://www.redhat.com/rhdc/managed-files/og-clh-s2-1200x675.jpg" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://www.redhat.com/en/command-line-heroes/season-2/the-one-about-devsecops" /> <meta property="og:title" content="Command Line Heroes, Season 2: Fail Better" /> <meta property="og:description" content="Security vulnerabilities are scaling—up from maybe 1 a month to hundreds each day. Command Line Heroes examines the changes needed for better security—and how automation is key to meeting the rising challenges." /> <meta property="og:image" content="https://www.redhat.com/cms/managed-files/og-clh-s2-1200x675.jpg" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:description" content="Security vulnerabilities are scaling—up from maybe 1 a month to hundreds each day. Command Line Heroes examines the changes needed for better security—and how automation is key to meeting the rising challenges." /> <meta name="twitter:title" content="Command Line Heroes, Season 2: Fail Better" /> <meta name="twitter:url" content="https://www.redhat.com/en/command-line-heroes/season-2/the-one-about-devsecops" /> <meta name="twitter:image" content="https://www.redhat.com/cms/managed-files/og-clh-s2-1200x675.jpg" /> <meta name="Generator" content="Drupal 10 (https://www.drupal.org)" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <!-- Required styles from dx-utilities. See red_hat_shared_libs_preprocess_html. 
--> <style>.dx-relative{position:relative !important;}@media (min-width:576px){.sm\:dx-relative{position:relative !important;}}@media (min-width:768px){.md\:dx-relative{position:relative !important;}}@media (min-width:992px){.lg\:dx-relative{position:relative !important;}}@media (min-width:1200px){.xl\:dx-relative{position:relative !important;}}@media (min-width:1440px){.\32xl\:dx-relative{position:relative !important;}}</style> <!-- End of dx-utilities styles. --><meta name="taxonomy-primary-product" content="Red Hat Enterprise Linux" /> <meta name="taxonomy-primary-product-tid" content="781" /> <meta http-equiv="content-language" content="en" /> <meta name="last-publish-date" content="Tue, 13 Mar 2018 00:00:00 GMT" /> <meta name="node-type" content="page" /> <meta name="source" content="rhdc_drupal" /> <meta name="rhdc_key" content="20179461bb2d437aa072eee37232d15b" /> <meta name="taxonomy-product" content="Red Hat Enterprise Linux" /> <meta name="taxonomy-product-tid" content="781" /> <meta name="taxonomy-region" content="Global" /> <meta name="taxonomy-region-tid" content="4521" /> <meta name="taxonomy-sub-type" content="Branded media" /> <meta name="taxonomy-sub-type-tid" content="107221" /> <meta name="taxonomy-topic" content="DevSecOps" /> <meta name="taxonomy-topic-tid" content="107341" /> <meta name="taxonomy-topic" content="Security automation" /> <meta name="taxonomy-topic-tid" content="107291" /> <meta name="taxonomy-topic" content="Tech history" /> <meta name="taxonomy-topic-tid" content="107481" /> <meta name="dateline" content="2018-03-13T00:00:00.00Z" /> <meta name="source_title" content="The One About DevSecOps | Command Line Heroes" /> <link rel="icon" href="/favicon.ico" type="image/x-icon" /> <link rel="alternate" hreflang="en" href="https://www.redhat.com/en/command-line-heroes/season-2/the-one-about-devsecops" /> <link rel="alternate" hreflang="es" href="https://www.redhat.com/es/command-line-heroes/season-2/the-one-about-devsecops" /> 
https://www.redhat.com/en/command-line-heroes" target="_blank" title="Email" aria-current="page"> <span class="web-icon-envelope" aria-label="true"></span> </a> </li> </ul> </div> <div class="language-switcher position-absolute bottom-0 right-0 w-100"> <div class="row justify-content-center mx-0"> <div class="col-6 text-center border-right border-black border-20 language-active"> <a href="https://www.redhat.com/es/command-line-heroes" line><img class="img-fluid py-2" width="90" src="/rhdc/managed-files/CLH-logo-Espanol.svg" alt="CLH en espanol logo"></a></div> <div class="col-6 text-center language-inactive"><a href="https://www.redhat.com/en/command-line-heroes" line><img class="img-fluid pt-3 pb-2" width="130" src="/rhdc/managed-files/CLH-logo-inactive.svg" alt="CLH logo"></a></div> </div> </div> </div> <div class="mb-6"> </div></div> </div> </div> </div> <!-- Pattern | raw_html --> <div class="rh-raw" data-rh-unique-id="2069271"> <section class="dms-band clh-hero--episode pb-md-0"> <div class="container text-white pt-12"> <div class="row"> <div class="col-lg-6 reveal"> <h5 class="section-label mb-1 font-weight-light">Season 2, Episode 5</h5> <h1 class="mb-lg-4 font-family-monospace font-size-28 font-size-lg-38">The One About DevSecOps</h1> <div class="clh-audio plyr-theme"> <audio src="https://dts.podtrac.com/redirect.mp3/audio.simplecast.com/5cfd48a4.mp3" controls></audio> </div> <a class="btn btn-link mt-2 mb-0 font-family-monospace text-white" href="#" title="Listen to this episode later" data-toggle="nav-shelf" data-toggle-panel="#clhSubscribe">Listen to this episode later</a> </div> <div class="col-lg-6 text-center reveal"> <p><img src="/rhdc/managed-files/S2-E5-vault-hero.png" alt="vault" width="400"></p> </div> </div> </div> </section> </div> <!-- Pattern | raw_html --> <div class="rh-raw" data-rh-unique-id="2069281"> <section class="dms-band clh-notes pt-md-0"> <div class="container text-white"> <div class="row"> <div class="col-12 col-lg-7 col-xl-6 
mx-auto reveal"> <ul class="nav nav-tabs mb-3 d-flex justify-content-center font-family-monospace"> <li class="nav-item text-center"> <a class="tab-show-notes nav-link mx-0 mr-md-6 p-0 font-size-22 text-white active" href="#show-notes" data-toggle="tab" title="Show notes">Show notes</a> </li> <li class="nav-item text-center"> <a class="tab-transcript nav-link mt-2 mt-md-0 mx-0 p-0 font-size-22 text-white" href="#transcript" data-toggle="tab" title="Transcript">Transcript</a> </li> </ul> <div class="tab-content"> <div id="show-notes" class="tab-pane fade active text-white show"> <div class="row"> <div class="col-12 mb-0"> <p>Bad security and reliability practices can lead to outages that affect millions. It's time for security to join the DevOps movement. And in a DevSecOps world, we can get creative about improving security.</p> <p>Discovering one vulnerability per month used to be the norm. Now, software development moves quickly thanks to agile processes and DevOps teams. Vincent Danen tells us how that's led to a drastic increase in what's considered a vulnerability. Jesse Robbins, the former master of disaster at Amazon, explains how companies prepare for catastrophic breakdowns and breaches. And Josh Bressers, head of product security at Elastic, looks to the future of security in tech.</p> <p>We can't treat security teams like grumpy boogeymen. Hear how DevSecOps teams bring heroes together for better security. </p> </div> </div> </div> <div id="transcript" class="tab-pane fade"> <div class="row"> <div class="col-12"> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>00:01</strong> - <em>House subcommittee representative</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>On June the 26th, 1991, Washington DC, much of Maryland and West Virginia, major portions of my home state were paralyzed by massive failure in the public telephone network. 
And yet, as technology becomes more sophisticated and network systems more interdependent, the likelihood of recurrent failures increases. It's not as though there wasn't warning that this would happen.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>00:23</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>In the early 1990s, 12 million Americans were hit with massive phone network failures. People couldn't call the hospital. Businesses couldn't call customers. Parents couldn't call their daycares. It was chaos and it was also a serious wake-up call, a wake-up call for a country whose infrastructure relied heavily on the computer systems that networked everything. Those computer networks were growing larger and larger, and then when they failed, yeah, they failed big time. </p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>01:01</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>A computer failure caused that phone system crash. 
This tiny one line bug in the code, and today the consequences of little bugs like that are higher than ever.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>01:15</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>I'm Saron Yitbarek and this is Command Line Heroes, an original podcast from Red Hat.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>01:24</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>So software security and reliability matter more than ever. The old waterfall approach to development, where security was just tacked onto the end of things, that doesn't cut it anymore. We're living in a DevOps world where everything is faster, more agile, and scalable in ways they couldn't even imagine back when that phone network crashed. That means our security and reliability standards have to evolve to meet those challenges.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>01:55</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>In this episode, we're going to figure out how to integrate security into DevOps, and we're also exploring new approaches to building reliability and resilience into operations. Even after covering all that, we know there's so much more we could talk about because in a DevSecOps world, things are changing fast for both the developers and operations. These changes mean different things depending on where you're standing, but this is our take. 
We'd love to hear yours too—so don't be shy if you think we've missed something—hit us up online.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>02:34</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>All right, let's dig in and start exploring this brand new territory.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>02:43</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Here's the thing, getting security and reliability up to speed, getting it ready for a DevOps world, means we have to make a couple of key adjustments to the way we work. Number one, we have to embrace automation. I mean, think about the logistics of say two-factor authentication. Think of the impossibly huge task that poses. It's pretty obvious you're not going to solve things by just adding more staff, so that's number one, embracing automation.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>03:15</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And then, number two, and this one's maybe less obvious, it's really changing the culture so security isn't a boogeyman anymore. I'm going to explain what I mean by changing the culture later on, but let's tackle these two steps one at a time. 
First up, embracing automation.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>03:42</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Once upon a time app deployment involved a human-driven security review before every single release, and I don't know if you've noticed, but humans, they can be a little slow. That's why automation is such a key part of building security into DevOps. Take, for example, this recent data breach report from Verizon. They found that 81% of all hacking–related breaches involve stolen or weak passwords, and that's on the face of it such a simple problem. But it's a simple problem at a huge scale. Like I mentioned before, you're not going to staff your way out of 30 million password issues, right? The hurdle is addressing that problem of scale, the huge size of it, and the answer is the same every time. It's automation, automation.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>04:36</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>If you wait for a human being to get involved, it's not going to scale.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>04:41</strong> - <em>D20 Babes player 2</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Vincent Danen is the director of product security at Red Hat and over the 20 years he's been at this, he's watched as DevOps created a faster and faster environment. 
Security teams have had to race to keep up.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>04:56</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>When I started, it was a vulnerability per month and then it started becoming every other week and then every week, and now we're into the, you know, literally finding hundreds of these things every day.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>05:08</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>What's interesting here is that Vincent says there are actually more vulnerabilities showing up as security teams evolve, not less.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>05:17</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>We'll never get to the point where we say, oh, we're secure now, we're done. Our job is over. It'll always be there. 
It's just something that has to be as normal as breathing now.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>05:27</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>It turns out what counts as an issue for security and reliability teams is becoming more and more nuanced.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>05:35</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>As we're looking for these things, we're finding more and this trend is going to continue as you find new classes of vulnerabilities and things we maybe didn't think were important or didn't even know they existed before. We're finding out about these things much faster and there's more of them. And so the scale kind of explodes. It's knowledge. It's volume of software. It's number of consumers. 
All of these things contribute to the growth of security in this area and the vulnerabilities that we're finding.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>06:06</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Once you see security as an evolving issue rather than one that gets "solved" over time, the case for automation, well, it gets even stronger.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>06:18</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Well, I think with automation you can integrate this stuff into your development pipelines in a way that is very fast, for one. For two, you don't require human beings to do this effort, right? Computers don't need to sleep, so you can churn through code as fast as your processors will allow rather than waiting for a human to pore through some maybe rather tedious lines of code to go looking for vulnerabilities.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>06:44</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And then with pattern-matching and heuristics, you can actually determine what's vulnerable even at the time of writing the code to begin with. 
So if you have, like, a plug-in, you know, for your IDE or your tool that you're using to write your code, it can tell you as you're writing it, like, hey, maybe this looks a little fishy, or you've just introduced a vulnerability and you can correct these things before you even commit the code.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>07:08</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Security on the move. That's a huge bonus.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>07:12</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>There's just so much that's coming out every, every day, every hour even. With continuous integration and continuous delivery, you write code and it's deployed 10 minutes later. All right, so it's really critical to get that validation of that code automatically prior to it being pushed out.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>07:32</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>A whole breadth of tools are available so we can actually get this done, whether it's static code analysis or plug-ins for your IDE or a whole bunch of other options. 
We'll share some of our favorites in the show notes for this episode over at redhat.com/commandlineheroes.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>07:53</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Once we've got those tools in place, they help keep security top of mind. The result, DevOps gets re-imagined as DevSecOps. Security gets baked into the process.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>08:08</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>In the same way that developers and operations kind of combined, you took those two disciplines to generate one. Now you have DevOps, and taking that third component of security and integrating that in with development and operations, I think is really important because having security as the afterthought is what makes security so reactive, so expensive, so damaging or potentially damaging to consumers. 
And when you plug that in right at the beginning, you have development being done, security's in there from start to finish and the operations work.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>08:44</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Of course, like we mentioned at the top of the episode, automation is really just one half of a bigger pie and Vincent gets that.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>08:53</strong> - <em>Vincent Danen</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>It's not just one piece. You can't just, you know, throw a tool in your CI/CD pipeline and expect everything to be okay. There's a whole gamut of different techniques and technologies and behaviors that are required to produce those ultimate beneficial results that we want to see.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>09:15</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Automation does get us partway there, but we've got to remember the other piece—that slightly fuzzier piece. 
Say it with me, the culture piece, getting developers and ops both on board so that these issues aren't boogeymen anymore.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>09:33</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>We have to change a culture and some folks are learning to do that in the least painful way possible, with games.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>09:44</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Let's take a swing over to the op side of things now. It's so easy to stand up huge infrastructure these days, but that doesn't mean we should be doing shoddy work. We should still be hammering on our systems, ensuring reliability, figuring out how to prepare for the unexpected. That's the mindset Jesse Robbins is working to bring about.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>10:08</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Today Jesse is the CEO of Orion Labs, but before that he was known as the master of disaster over at Amazon. During his time there, Jesse was pretty much a wizard at getting everybody at least aware of these issues. And he did it with something called Game Day. 
These can involve thousands of employees running through disaster scenario drills, getting used to the idea of things breaking and getting intimate with the why and the how.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>10:39</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Here's Jesse and me talking it over, looking especially at how reliability and resilience get built into the operation side.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>10:47</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Very cool. So you are known for many things, but one of those things is the exercise Game Day, what you did at Amazon. What is that? What's Game Day?</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>10:58</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>So Game Day was a program that I created to test the operational readiness of the most vulnerable systems by breaking things at massive scale. So if you're a fan of what's called Chaos Monkey now by the Netflix people and others, Game Day was the name for my program that definitely preceded all of that. It was really heavily focused on building a culture of operational excellence, building the capability to test systems at massive scale when they're breaking, learn how they break to improve them. And then also to build a culture that is capable of responding to and recovering from incidents in situations. 
And it was all modeled and is all modeled after the incident command system, which is what the fire departments use around the world for dealing with incidents of any size.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>11:56</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>It was sort of born from ...</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>11:58</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Crazy side note, Jesse trained to be a firefighter back in 2005. And that's where he learned this incident command system that ended up inspiring Game Day. So all the developers doing these disaster scenarios out there, you've got Jesse's passion for firefighting and emergency management to thank for that. Okay, back to our chat.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>12:22</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Resilience is the ability of a system, and that includes people and the things that those people build to adapt to change, to respond to failures and disturbances. And one of the best ways to build that—to build a culture that can respond to those types of environments and really understands how those work—is to provide people training exercises. And those exercises can be as simple as something like, you know, rebooting a server or as complicated as injecting massive-scale faults by turning off entire datacenters and kind of everything in between. 
And so what a Game Day is is first of all a process where you prepare for something by getting an entire organization together and kind of talking about how systems fail and thinking about what human beings know about how they expect failure to happen. And that exercise by itself is often one of the most valuable parts of kind of the beginning of a Game Day.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>13:24</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>But then you actually run an exercise where you break something. It could be something big, it could be something small. It could be something that breaks all the time. And when you do that, you're able to study how everyone responds where things can move to. You can see the system breaking and that might be something that is safe to break, a well-understood component or it might be something that exposes what we call a latent defect. Those are those problems hiding in software or in technology or in a system at scale that we only can find out about when you have an extreme or an unexpected event. It's really designed to train people and to build systems that you understand how they're going to work under stress and under strain.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>14:12</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And so when I hear Game Day, it makes me think, “Was this a response to something very specific that happened, that inspired it? 
Where'd it come from?”</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>14:20</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>So Game Day started during a period of time where I knew because of my role and because of my unique background as a firefighter and emergency manager, that it was important to change the cultural approach from focusing on the idea of preventing failure to instead embracing failure, accepting that failure happens. And part of what inspired that was both my own experience, you know, understanding systems, how like buildings fail and how civic infrastructure fails, and how disasters happened, and the strain that that puts on people. And saying, well, if we look at the complexity and operational scale that we have at the place of employment that I was at, the only way that we're really going to build and change and become a high-reliability, always-on environment, is truly to embrace the fire service approach. Where we know that failures will happen. It's not a question of if, it's a question of when. And then as my old fire chief would say, you don't choose the moment, the moment chooses you. You only choose how prepared you are when it does.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>15:28</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Oh, that's a good one. 
So when you first started doing the Game Days and thinking about how to be prepared for disaster scenarios, was everyone on board with this or did you get any pushback?</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>15:40</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Everyone thought I was crazy. So definitely there were people that resisted it. And it's interesting because there was a really simple way of overcoming that resistance, which is first creating what I call champions. You want to teach people, a small group, how to work in a way that is very safe and then you want to give them some exposure and then you want to use a set of metrics where you're able to say, look, let's just measure how many minutes of outage there is, how many minutes of downtime my team has that has this training and operates this way. Versus, I don't know, your team, who does not have that and who seems to think that doing this type of training and exercises isn't valuable or isn't important.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>16:25</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And once you do that kind of thing, you basically end up with what I call a compelling event. So, often there'll be an outage or some other thing where the organization suddenly and starkly realizes, oh my goodness, we can't keep doing things the way that we've been doing them before. And that becomes the method you use to overcome the skeptics. 
You use a combination of data and performance information on the one hand, coupled with metrics, and then great storytelling, and then you wait for the big one or the scary incident that happens and you say, you know, the whole organization needs this ability if we're going to operate at web scale or internet scale.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>17:06</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Mm-hmm (affirmative). So what I love about this is that it didn't just stay within Amazon. It spread. A lot of other companies are doing it. A lot of people have ended up embracing this knowledge and this process to, you know, to be prepared. What is next? How do we continue carrying on the knowledge from Game Day into future projects and future companies?</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>17:31</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>I like to talk about it as convergent evolution. So every large organization that operates on the web has now adopted a version of both the incident management foundation that I certainly advocated for and has created their own Game Day testing. You know, Netflix calls it the Chaos Monkey. 
And Google has their DiRT program.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>17:57</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>So what are your hopes and dreams for Game Day in the future?</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>18:00</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>What I am excited about first of all is that we are seeing this evolution now from a thinking of silos and thinking of systems as being disconnected. Systems being fundamentally interconnected, interdependent and built and run by smart people around the world that are trying to do great and big things.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>18:22</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Years ago when I got my start, caring about operations was a backwater. It was not an interesting place. And suddenly we found ourselves being able to propagate the idea that developers and operations people working together are the only way that meaningful technology gets built and run in a connected world.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>18:44</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And so my hope for the future is number one, we're seeing more and more people embracing these ideas and learning about them. 
Understanding that when you build something that people depend on, you have an obligation to make sure that it's reliable, it's usable, it's dependable, it's something that people can use as part of their daily lives.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>19:05</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>But also we're seeing a new discipline emerge. It's being studied, you know, there's PhD theses being written on it. It's being built out constantly.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>19:16</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>That's awesome.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>19:16</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>There's books being written, there's all these new resources that aren't, you know, just a couple of people talking at a conference about how they think the world should work. And so my sort of inspirational hope is one, understand that if you're building software and technology that people use, you're really becoming part of the civic infrastructure. 
And so the set of skills that I've tried to contribute as a firefighter to technology and the skills that are now emerging that are taking that so much farther are part of the foundation for building things that people depend on every day.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>19:53</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Very nice. Oh, that's a great way to end. Thank you so much Jesse for your time.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>19:56</strong> - <em>Jesse Robbins</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Yeah, thank you.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>11:59</strong> - <em>Saku Panditharatne</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And I think all these factors work against adopting the best possible software.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>20:02</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>In Jesse's vision, exercises like Game Day or Chaos Monkey are a crucial part of our tech culture growing up, but they are also crucial for society at large. And I love that he's putting the stakes that high because he's right. Our world depends on the work we do. 
That much was obvious back in the 90s when telephone networks started crashing.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>20:26</strong> - <em>House subcommittee representative</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Modern life as we know it almost ground to a halt.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>20:31</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And there's a duty that goes along with that. A duty to care about security and reliability, about the resilience of the things we build. Of course, when it comes to building security into DevOps, we're just getting started.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>20:53</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>That's Josh Bressers. He's the head of product security at a data search software startup called Elastic. 
For Josh, even though the computer industry's been maturing for a half-century or so, the kind of security we've been talking about here feels like it just came into its own.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>21:11</strong> - <em>Josh Bressers</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Practically speaking, as what I would say maybe a profession, security is still very new and there's a lot of things we don't understand.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>21:19</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Here's what we do understand though, in a DevSecOps world, there are some pretty sweet opportunities to get creative about what security can achieve.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>21:29</strong> - <em>Josh Bressers</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>I was recently talking to somebody about a concept where they're using user behavior to decide if a user should be able to access the system. Everybody has certain behaviors, be it where they're coming from, time of day they're accessing a system, the way they type, the way they move their mouse. And so they're actually one of those places that I think could have some very powerful results if we can do it right, where we can pay attention to what someone's doing. And then let's say I'm acting weird and you know, I'm weird because I just sprained my wrist. 
But you know, the other end doesn't know that.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>22:05</strong> - <em>Josh Bressers</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And so it might say, all right, something's weird, we want you to log in with your two-factor auth and we're going to also send you a text message or something. Right? And so we've just gone from essentially username and password to something more interesting. And so I think looking at a lot of these problems in new and unique ways is really going to be key. And in many instances, we're just not there yet.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>22:27</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Getting there requires those two big steps we've been describing. Step one, it's that automation, so crucial because ...</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>22:35</strong> - <em>Josh Bressers</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Humans are terrible at doing the same thing over and over again.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>22:38</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Fair. 
And then we've got step two, the culture, all of us having a stake in security and reliability, no matter what our job title might say.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>22:49</strong> - <em>Josh Bressers</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>When most people think of the security team, they don't think of happy nice people, right? It's generally speaking terrible, grumpy, annoying people, who if they show up, they're going to ruin your day. And nobody wants that, right?</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>23:10</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>But I think we can get over that bias because we have to. Think of it this way—more security threats happen every day and every day IT infrastructure is growing larger and more powerful. Put those two truths together and you better live in a world where security gets embraced. A very DevSecOps world where developers and operations are upping their security games, upping their reliability games. What I'm talking about is a future where automation is integrated into every stage and everybody's attitudes toward these issues become more holistic. That's how we're going to keep tomorrow's systems safe. That's how we're going to keep the phones ringing, the lights on, all of modern life healthy and strong. If you pull up Forbes’ list of the global 2000 organizations, that's the top 2000 public companies, it turns out a full quarter of them have embraced DevOps. Integrated agile workplaces are becoming the rule of the land. And in a few years thinking in terms of DevSecOps might become second nature. 
We want to go as fast as possible, but the long game is actually faster when every part of the team is in the race together.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>24:40</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Next episode, we're getting hit by the data explosion. Humans have entered the Zettabyte era. By 2020, we'll be storing about 40 zettabytes of information on servers that mostly don't even exist yet. But how are we supposed to make all that data useful? How do we use high-performance computing and open source projects to get our data working for us? We find out in episode 6 of Command Line Heroes.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>25:13</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>And a reminder, all season long we're working on Command Line Heroes: The Game. It's our very own open source project and we've loved watching it all come together, but we need you to help us finish. If you hit up redhat.com/commandlineheroes, you can discover how to contribute. And you can also dive deeper into anything we've talked about in this episode.</p> </div> </div> <div class="row"> <div class="col-12"> <div class="card mb-2"> <div class="card-body p-1 bg-yellow text-white"> <p class="mb-0"><strong>25:39</strong> - <em>Saron Yitbarek</em></p> </div> </div> </div> </div> <div class="row"> <div class="col-12"> <p>Command Line Heroes is an original podcast from Red Hat. Listen for free on Apple Podcasts, Google Podcasts, or wherever you do your thing. I'm Saron Yitbarek. 
Until next time, keep on coding.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> </div> <!-- Pattern | raw_html --> <div class="rh-raw" data-rh-unique-id="2069291"> <section class="dms-band clh-bonus bg-white"> <div class="container"> <div class="row"> <div class="col-12 reveal"> <h3 class="font-family-monospace text-black">Keep going</h3> <div class="row"> <div class="col-md-6 d-flex reveal"> <div class="card rounded-0"> <div class="card-body p-2 p-md-3"> <h3 class="font-family-monospace font-weight-light text-black">Build a DevSecOps Team</h3> <p class="text-black">Building teams through deliberate destruction</p> <p><a class="btn btn-link text-white" href="https://opensource.com/article/18/10/security-devops-steps" title="Does your team need to learn how to break things?">Tear it down</a></p> </div> </div> </div> </div> </div> </div> </div> </section> </div> <!-- Pattern | raw_html --> <div class="rh-raw" data-rh-unique-id="2069301"> <section class="dms-band clh-guests bg-repeat bg-pos-ct bg-size-cover" data-bg-image="https://www.redhat.com/ux/webux/img/bandbg/bkgd-clh-s2e5b-2000x900.jpg"> <div class="container"> <div class="row"> <div class="col-12"> <h3 class="font-family-monospace text-white reveal">Featured in this episode</h3> <div class="row"> <div class="col-12 col-md-6 col-lg-3 pb-2 pb-lg-0 reveal"> <div class="card mb-0 h-100 bg-white rounded-0"> <a class="d-flex d-md-block w-100 h-100 text-blue" href="//twitter.com/vdanen" target="_blank" title="Vincent Danen"> <div class="card-header p-0 bg-no-repeat bg-pos-cc bg-size-cover rounded-0" data-bg-image="/rhdc/managed-files/person-clh-danen-300x300.jpg" alt="Vincent Danen"></div> <div class="card-body p-2 bg-white"> <h4 class="font-family-monospace">Vincent Danen</h4> <p class="mb-0">Director of product security at Red Hat</p> </div> </a> </div> </div> <div class="col-12 col-md-6 col-lg-3 pb-2 pb-lg-0 reveal"> <div class="card mb-0 h-100 bg-white rounded-0"> <a class="d-flex 
d-md-block w-100 h-100 text-blue" href="//twitter.com/jesserobbins" target="_blank" title="Jesse Robbins"> <div class="card-header p-0 bg-no-repeat bg-pos-cc bg-size-cover rounded-0" data-bg-image="/rhdc/managed-files/person-clh-robbins-300x300.jpg" alt="Jesse Robbins"></div> <div class="card-body p-2 bg-white"> <h4 class="font-family-monospace">Jesse Robbins</h4> <p class="mb-0">Chief executive officer at Orion Labs</p> </div> </a> </div> </div> <div class="col-12 col-md-6 col-lg-3 pb-2 pb-lg-0 reveal"> <div class="card mb-0 h-100 bg-white rounded-0"> <a class="d-flex d-md-block w-100 h-100 text-blue" href="//twitter.com/JessRudder" target="_blank" title="Josh Bressers"> <div class="card-header p-0 bg-no-repeat bg-pos-cc bg-size-cover rounded-0" data-bg-image="/rhdc/managed-files/person-clh-bressers-300x300.jpg" alt="Josh Bressers"></div> <div class="card-body p-2"> <h4 class="font-family-monospace">Josh Bressers</h4> <p class="mb-0">Head of product security at Elastic</p> </div> </a> </div> </div> </div> </div> </div> </div> </section> </div> </div> </div> </div> </article> </div> </body> </html>