Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend
Guest info
Name and Title:
Nickolas Means, VP of Engineering at SYM
Email/Social Media Contact:
@nmeans on Twitter, @nmeans@ruby.social on Mastodon
Time Zone (if other than Pacific):
Central (Austin, TX)
Show Topic Summary / Intro
We welcome Nickolas Means to the stream. Nick is the VP of Engineering at Sym, the adaptive access tool built for developers. He's been an engineering leader for more than a decade, focused on helping teams build velocity through trust and autonomy. He's also a regular speaker at conferences around the world, teaching more
effective software development practices through stories of real-world engineering triumphs and failures.
He’s also the co-host of “Managing Up” a podcast with Management tips, stories, and interviews to help navigate the challenges of managing creative and technical teams.
Questions and potential sub-topics (5 minimum):
'blameless environment' during an incident. We can discuss working an incident and if a 'blameless' environment the exception or the rule (stories from the trenches are always welcome)
Building a compliance program without tanking your engineering velocity... I'd like to speak about that in terms of overall security (product security, scanning, license checks, and more)
Is there a playbook to building more efficient dev and security teams? Can cross training dev in basic security, or security in sprint planning processes make a better experience for all?
Will we ever solve ‘shifting left’? What does Shifting Left really mean to engineering teams, or is that a term security people created to try and speak ‘dev/eng’?
‘Managing Up’... security is often asked to do a lot. Be STO when you don’t manage the resources, timeline, etc. When teams are small, you’re either in the operational/tactical, when management wants a ‘tactical/strategic’ view. What can the overall business do to create a good working relationship out of the gate? “Make a dashboard” is all well and good, except when your org lacks maturity across the board. What are some realistic expectations management should have when the company is small? (I will provide additional context during the stream)
Additional information / pertinent Links (would you like to know more?):
https://managingup.show/ - Managing Up Podcast “Management tips, stories, and interviews to help navigate the challenges of managing creative and technical teams.“
https://symops.com/ - Adaptive access management tools built for engineers
https://www.ted.com/talks/brene_brown_the_power_of_vulnerability?language=en
https://www.terraform.io/
https://news.stanford.edu/2022/12/05/explains-recent-tech-layoffs-worried/
Show Points of Contact:
Amanda Berlin: @infosystir @hackershealth
Brian Boettcher: @boettcherpwned
Bryan Brake: @bryanbrake @bryanbrake@mastodon.social
Website: https://www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec
Youtube: https://youtube.com/c/BDSPodcast
Create your
podcast in
minutes
It is Free