February 2, 2023
(Recorded at Monk’s BBQ, in lovely downtown Purcellville, VA)
Federal leaders will attest to the statement, “Security must be top of mind throughout an application’s development.” Today, we sat down with Jeff Gallimore, Chief Technology and Innovation Officer at Excella, to see how this noble concept can be applied to the amazingly complex and ever-changing world of federal technology.
During the interview, Jeff highlights the areas of continuous improvement, naming conventions, and the shift left.
If you were to watch a movie that involves police, you would undoubtedly encounter the abbreviation CI, which stands for Confidential Informant. However, in today’s discussion of cybersecurity and software, CI takes on a new meaning – Continuous Improvement. Jeff Gallimore describes CI as integral to keeping a software project safe.
The concept was broached in 2001 with the Manifesto for Agile Software Development. A group of developers met on a mountaintop and gave principles for improving software development. Near the top of the list was their concept of “responding to change,” what we call continuous improvement. Chances are, those experienced developers could not have anticipated the drastic increase in Internet usage and attacks. All this highlights the need to adapt code.
Moving on to other terms, when asked to differentiate between DevOps and DevSecOps, Jeff did not want to engage in the latest nomenclature debate. He thinks that federal leaders should focus on outputs, not on defining processes. In the time that a team debates DevOps, they can be moving on to another issue.
Another phrase was defined – Shift Left. No, this has nothing to do with politics; it refers to the traditional way software developers would write code. They would have a large whiteboard and diagram the process of moving from left to right.
In this context, a “shift left” indicates an interest in including cybersecurity at earlier stages of the software development life cycle.
Jeff also commented on the role of automation in managing large hybrid cloud projects. Automation can be offered as the remedy to this complicated circumstance. However, the range of point solutions and platforms merely reinforces the importance of humans understanding the flow of a project.
If you enjoyed this article, you may want to listen to Ep. 39 Selecting the Correct Stack for Zero Trust