DevSecOps Learning with DevOps Institute Global Ambassador, Shlomo Bielak

Certifications, DevOps Basics

DevOps Institute Ambassadors are volunteers from across the globe who want to help advance the career opportunities in IT and support emerging practices within the DevOps community based on a human-centered SKIL Framework, consisting of Skills, Knowledge, Ideas, and Learning.  

These individuals are advocates for the “Humans of DevOps” and are industry pioneers who are passionate about the DevOps movement, are recognized DevOps subject matter experts, and who voluntarily contribute to the Collaborative Body of Knowledge (CBok) of DevOps. 

In the spirit of September’s SKILup Day theme, we are featuring ambassadors who are proficient in DevSecOps. We are proud to feature an Ambassador from Canada, Shlomo Bielak, CTO at Benchmark Corp.

Below, we asked Shlomo to share insights around DevSecOps, as well as personal goals and unique learning moments.

Shlomo is focused on supporting the practical side of DevSecOps which stems from his engineering and enterprise architecture background. He was previously a global head of Site Reliability Engineering and Application Security as a CISO for a Fortune 500. He is also the creator of Governance Engineering which is published in one of his whitepapers on DevGovOps. Shlomo has also worked with niche companies in the container space to publish two case studies showing how a large corporation can modernize its applications using containers and microservices in the cloud while supporting PCI compliance using CD pipelines. 

Shlomo participates heavily in the conference scene which includes keynotes in; Atlanta, San Francisco, New York City, Toronto, Niagara-on-the-Lake, and New Orleans. Look for him in the coming months at DevOps World, All Day DevOps, Cloud Native Virtual Summit, and Unscripted for his breakout sessions. He also provides thought-leadership and product management guidance to multiple partners at their CKO/SKOs to align better with the shift-left DevOps culture. Having successfully implemented digital transformation for a fortune 500 he plans to show others how to do so practically. 

He spends his time giving back to many organizations trying to advance security and technology, including:

  1. Continuous Delivery Foundation Ambassador – Creating content for the wider CI/CD community
    2. Forbes Technology Council – Publishing leadership content on Forbes
    3. CIO Association of Canada – Chair Leadership and Technology Council
    4. CIO Strategy Council – Cyber Security Technology Council member developing security standards and a new standard for digital transformation
    5. SiberX – Advisory board member – Sharing Cyber Security exemplars to the global market

(You can connect with Shlomo Bielak directly  on Twitter at @ciscoconsultant or on LinkedIn).

Q: Why is DevSecOps important?

If we define what it is not it becomes useful for an organization to get security teams collaborating with a responsive operating model. DevSecOps is not a checkbox, it is not tooling, it is not a role. It helps security understand what to focus on, such as not slowing things down with their methods and toil. Meetings and gating don’t work anymore. What does? DevSecOps pushes us to fix the mode of engagement with security involved.

Q: What are the biggest obstacles to overcome when practicing DevSecOps?

Copying someone’s rearview mirror. So many organizations today implement a method that is dated and they continue down that path for a long time not realizing things are still painful. No one’s battle scars are healing. This is due to the lack of practitioners in the market that focus on methods and models. Identify the metrics you want to improve and make sure they include toil and the reduction of talent heroics. 

Q: As an ambassador, what are your goals for helping to advance the humans of DevOps?

The same for any effort I work on. Share my abilities and knowledge to further those listening or wanting to improve. Giving back should be a priority for all practitioners. Our success is not proprietary. The market is under unexpected pressure and dollars spent need to be on our joint success. We cannot afford a 70-75% failure rate on digital transformation.

Q: What is the top learning moment you’ve had in the past three months?

Be sensitive to others. Providing guidance can be done without harming the existing efforts made. You never know how close the person you’re speaking to is to the problem at hand. Understand their battle scars are not healed yet and you need to carefully approach the problem with kindness and sharing. Partner, customer, provider, vendor – we are all playing our part to solve the challenge. Value their efforts and successes.

DevOps Institute has declared September as DevSecOps month!  On Sept. 17 DevOps Institute hosted a SKILup Day conference dedicated to DevSecOps from a technical, process, and cultural point of view. If you missed it you can still watch all the sessions here. 

Join our Community for Free

related posts

DevSecOps and ITIL4

DevSecOps and ITIL4

By: Niladri Choudhuri, Hugo Lourenco, Jay Shah and Helen Beal DevSecOps has emerged and established itself as the model to assure cybersecurity is properly considered when transitioning to DevOps ways of working. It demands collaboration between the security, IT...

Progressive Delivery

Progressive Delivery

By: Orit Golowinski October 29, 2020 What is Progressive Delivery? Progressive delivery is the process of pushing changes to a product iteratively, first to a small audience and then to increasingly larger audiences to maintain quality control. Progressive Delivery is...

CI/CD Patterns and Practices

CI/CD Patterns and Practices

By: Tiffany Jachja October 27, 2020 CI/CD Patterns and Practices In August, I shared a talk on enabling CI/CD through patterns and practices. This blog post summarizes the contents of said talk, informing readers how to enable continuous software delivery. What is...

Visit Us
Follow Me