Top Pitfalls to Avoid in DevSecOps: A Comprehensive Series Review

Original Post: DevSecOps worst practices – the series

The author shares their journey transitioning from a Waterfall software development methodology in the Canadian Public Service to DevSecOps at Microsoft, despite initially lacking DevOps experience. To catch up quickly, they built an app using Azure DevOps CI/CD and shared their learning process by live-streaming on Twitch. They encountered various challenges and failures, particularly with different security tools, but learned quickly through practice and continuous improvement.

In 2018, they joined IANS Research, aiding clients with Azure and Application Security (AppSec) issues, and later expanded their expertise to DevSecOps. They found answering client questions provided direction for their learning. By 2020, they were coaching companies on long-term AppSec programs, further solidifying their skills in DevSecOps. Through conferences and articles, they continued to learn best practices.

Realizing the value of understanding “what not to do,” they created a conference talk and blog series covering 15 DevSecOps worst practices to help others avoid common pitfalls, including breaking builds on false positives, deploying untested tools, adding artificial gates, missing test results, and more. The series aims to share these insights so that other teams can avoid making the same mistakes.
