DevOps Institute

DevSecOps Learning with DevOps Institute Global Ambassador, Shlomo Bielak

Certifications, DevOps Basics

DevOps Institute Ambassadors are volunteers from across the globe who want to help advance the career opportunities in IT and support emerging practices within the DevOps community based on a human-centered SKIL Framework, consisting of Skills, Knowledge, Ideas, and Learning.  

These individuals are advocates for the “Humans of DevOps” and are industry pioneers who are passionate about the DevOps movement, are recognized DevOps subject matter experts, and who voluntarily contribute to the Collaborative Body of Knowledge (CBok) of DevOps. 

In the spirit of September’s SKILup Day theme, we are featuring ambassadors who are proficient in DevSecOps. We are proud to feature an Ambassador from Canada, Shlomo Bielak, CTO at Benchmark Corp.

Below, we asked Shlomo to share insights around DevSecOps, as well as personal goals and unique learning moments.

Shlomo is focused on supporting the practical side of DevSecOps which stems from his engineering and enterprise architecture background. He was previously a global head of Site Reliability Engineering and Application Security as a CISO for a Fortune 500. He is also the creator of Governance Engineering which is published in one of his whitepapers on DevGovOps. Shlomo has also worked with niche companies in the container space to publish two case studies showing how a large corporation can modernize its applications using containers and microservices in the cloud while supporting PCI compliance using CD pipelines. 

Shlomo participates heavily in the conference scene which includes keynotes in; Atlanta, San Francisco, New York City, Toronto, Niagara-on-the-Lake, and New Orleans. Look for him in the coming months at DevOps World, All Day DevOps, Cloud Native Virtual Summit, and Unscripted for his breakout sessions. He also provides thought-leadership and product management guidance to multiple partners at their CKO/SKOs to align better with the shift-left DevOps culture. Having successfully implemented digital transformation for a fortune 500 he plans to show others how to do so practically. 

He spends his time giving back to many organizations trying to advance security and technology, including:

  1. Continuous Delivery Foundation Ambassador – Creating content for the wider CI/CD community
    2. Forbes Technology Council – Publishing leadership content on Forbes
    3. CIO Association of Canada – Chair Leadership and Technology Council
    4. CIO Strategy Council – Cyber Security Technology Council member developing security standards and a new standard for digital transformation
    5. SiberX – Advisory board member – Sharing Cyber Security exemplars to the global market

(You can connect with Shlomo Bielak directly  on Twitter at @ciscoconsultant or on LinkedIn).

Q: Why is DevSecOps important?

If we define what it is not it becomes useful for an organization to get security teams collaborating with a responsive operating model. DevSecOps is not a checkbox, it is not tooling, it is not a role. It helps security understand what to focus on, such as not slowing things down with their methods and toil. Meetings and gating don’t work anymore. What does? DevSecOps pushes us to fix the mode of engagement with security involved.

Q: What are the biggest obstacles to overcome when practicing DevSecOps?

Copying someone’s rearview mirror. So many organizations today implement a method that is dated and they continue down that path for a long time not realizing things are still painful. No one’s battle scars are healing. This is due to the lack of practitioners in the market that focus on methods and models. Identify the metrics you want to improve and make sure they include toil and the reduction of talent heroics. 

Q: As an ambassador, what are your goals for helping to advance the humans of DevOps?

The same for any effort I work on. Share my abilities and knowledge to further those listening or wanting to improve. Giving back should be a priority for all practitioners. Our success is not proprietary. The market is under unexpected pressure and dollars spent need to be on our joint success. We cannot afford a 70-75% failure rate on digital transformation.

Q: What is the top learning moment you’ve had in the past three months?

Be sensitive to others. Providing guidance can be done without harming the existing efforts made. You never know how close the person you’re speaking to is to the problem at hand. Understand their battle scars are not healed yet and you need to carefully approach the problem with kindness and sharing. Partner, customer, provider, vendor – we are all playing our part to solve the challenge. Value their efforts and successes.

DevOps Institute has declared September as DevSecOps month!  On Sept. 17 DevOps Institute hosted a SKILup Day conference dedicated to DevSecOps from a technical, process, and cultural point of view. If you missed it you can still watch all the sessions here. 

sidebar graphic with register for London SKILup Festival on September 13, 2022CTA

Membership at DevOps Institute

related posts

8 Insights From the Upskilling IT 2022 Report [Infographic]

8 Insights From the Upskilling IT 2022 Report [Infographic]

By Eveline Oehrlich Chief Research Officer, DevOps Institute This year’s Upskilling IT Report reveals a critical need to close DevOps skills gaps, identifies top skills capabilities, and highlights emerging job roles to help individuals and organizations accelerate IT...

[EP81] What is a “Radical Enterprise” with Matt Parker

[EP81] What is a “Radical Enterprise” with Matt Parker

On this episode of the Humans of DevOps, Jason Baum is joined by Matt K. Parker, author of A Radical Enterprise: Pioneering the Future of High-Performing Organizations. Matt and Jason discuss successful and truly radical business models, what leads folks to try and...

What Are Cloud AI Developer Services?

What Are Cloud AI Developer Services?

Cloud AI Developer Services are growing and cloud providers now offer these services to developers. These hosted models allow developers to gain access to Artificial Intelligence/Machine Learning (AI/ML) technologies without needing deep data science expertise.  As an...