The Cloudcast #338 - Governance and DevSecOps

Brian talks with Josh Stella (@joshstella, CEO of @FugueHQ) about what DevSecOps means, how companies manage the tension between Developer agility and Operations stability, how to codify Governance via code, and early steps to success in DevOps culture.

Show Links:

• Fugue Homepage
• Josh Stella, Infrastructure as Code (on theCUBE)
• Infrastructure Governance at the Speed of DevOps
• [PODCAST] @PodCTL - Containers | Kubernetes -  RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players
• [A CLOUD GURU] Get The Cloudcast Alexa Skill
• [A CLOUD GURU] A Cloud Guru Membership - Start your free trial. Unlimited access to the best cloud training and new series to keep you up-to-date on all things AWS.
• [A CLOUD GURU] FREE access to AWS Certification Exam Prep Guide - At A Cloud Guru, the #1 question received from students is "I want to pass the AWS cert exam, so where do I start?" This course is your answer.
• [FREE] eBook from O'Reilly

Show Notes

• Topic 1 - Welcome to the show. Tell us about your background and why you decided to focus on DevOps, Security, Compliance and Governance.
• Topic 2 - DevOps is culturally hard. Moving to the cloud is technically hard (move data, refactor apps, etc.). How do you guide people about what areas of those changes to tackle first, or put more focus on?
• Topic 3 - DevOps is two opposing motivations trying to work in harmony. How does “Sec” fit in to create this DevSecOps concept?
• Topic 4 - In the past, Governance and Compliance were primarily Security functions, and somewhat  periodic “validation” functions. Now the technology allows them to potentially be constant guardrails and checks. What’s the state of Governance and Compliance?
• Topic 5 - What guidance do you gives customers that ask how to get started in DevOps, Security, Compliance and Governance?

Feedback?

• Email: show at thecloudcast dot net
• Twitter: @thecloudcastnet and @ServerlessCast