Whether you’re setting up a VPN server or establishing SSL certificates for your internal websites, there are a lot of reasons to consider setting up your own certificate authority (CA) for your organization. On my current project, we ran into the former situation and quickly realized the widely recommended default of setting up a separate […]
I’m currently working on a DevOps project, heavily centered around AWS GovCloud. It’s important to point out I’m working in GovCloud, as opposed to AWS, as this means several key tools are missing. My colleague, Alan Crouch, recently pointed out how NAT Gateways are missing from the offered infrastructure. Another tool we found missing was Route 53, […]
Inevitably on any agile project with a good degree of DevOps maturity, engineers start looking less at the application efficiencies and begin to look at addressing issues with their pipelines and frameworks to deliver faster or more effectively. At Coveros, we call this “DevOps’ing your DevOps.” It is a silly sentence but it speaks to the challenge […]
Change is never easy. Change is even harder when you’re unsure whether your DevOps implementation is changing your team/application/organization for the better or worse. One of the biggest mistakes organizations make when adopting sweeping process or technology changes is a failing to identify measures to determine whether they are trending in a positive direction and when they […]
Welcome to the fourth and final post in my series, DevOps in a Regulated and Embedded Environment. In this part, we’ll look at the problems that pop up when the deploy/test environments aren’t virtualizable. I’m assuming that you’ve already read my earlier post on “Git Flow in a Regulated World”. If you haven’t, the short […]
Welcome to the third part in my series, DevOps in a Regulated and Embedded Environment. In this part, we’re going to look at doing deployments in a restricted environment. What exactly am I talking about? Remember that the target device was missing a whole lot of tooling but was ultimately rather complex. In particular, while […]
Welcome to the second post in my series, “DevOps in a Regulated and Embedded Environment”. In this part, we’ll take a look at how a normal git workflow needs to adapt in a regulatory environment, and how tooling can support the necessary changes. Namely, regulation may stop the development team from releasing a planned feature, […]
In today’s ever-connected technological landscape, cyber security is operating in an environment of unpredictability, accelerated technology change, and threat complexity. All too often, cyber responses are based on cumbersome, slower methodologies that miss critical elements to successfully respond to cyber security threats. Cybersecurity programs are driven primarily by a “Castle Model” of defense – focused […]
One of the most important things in software testing is integrating tests with the build tool that your project uses. Developers need to be able to run your tests easily, otherwise, they’re probably not going to run them. Another reason for integrating tests is that it encourages clearly defining your project’s build process. In the case […]
As the Federal Government looks to adopt cloud services from Amazon Web Services, many agencies are looking to AWS GovCloud to be that provider because services have been accredited by the FedRAMP program. While this is a far better pill to swallow for security programs, it’s somewhat more of a headache for most developers and […]
