DevSecOps, Cloud Security

The hard lessons of DevOps and security


Software architecture matters. Systems that are designed so you can change small pieces without having to change and test the whole thing again — “you can’t understate the importance of that,” explained Alan Hohn, Lockheed Martin’s Software Factory chief engineer.

It’s one of the examples Hohn gave as a best practice he wished he knew about cybersecurity considerations early in his career.

“Technical debt is hard to address,” Hohn said during an SC Media eSummit with Editor-in-Chief Jill Aitoro. “We are finding it so much easier to integrate new ideas and new capabilities into systems that we built from the ground up to operate in this kind of continuous integration, continuous delivery environment.”

Click here for access to SC Media's "Secure Cloud Series: DevSecOps in High-Velocity Environments" virtual conference on demand.

Hohn said his team found that it would’ve been easier to take the time to make security corrections as they worked. Since making that adjustment, however, Hohn said a project can start from zero to a full pipeline, with test and security scan, within 20 minutes. New programs kick off with that approach, said Hohn, “but we are definitely still correcting for some early cases where we didn’t always do that.”

To avoid a mountain of adjustments waiting for security teams once they get looked into a project, causing a virtual standstill, Hohn said it’s important to integrate security experts into the team from the beginning to find the balance between speed and security.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.