DevSecOps Professional from Philippines
DevSecOps is not just about automation and building pipelines. Done incorrectly by novice professionals and without proper vision and planning, an enterprise may end up automating their problem. Worse yet, DevSecOps can create non-sustainable early traction, where motion is mistaken for results. Often, organizations fall into the trap of changing the titles and the names of departments to DevSecOps, hoping it makes a difference and results.
​
My approach as a technology executive leader who can both craft business case and do coding is different. It all starts with IT Supply Value Chain where gap analysis is made. Once complete; a DevSecOps vision and business case is presented to top management. Then after processes are created, proper DevSecOps CI-CD pipelines are built, tailor fit infrastructure are provisioned. People were given clear accountabilities and responsibilities.
​
I also make clear to leadership team wether a DevSecOps will work or not. Because even the best strategy will be eaten in breakfast by bad culture, wrong people, no top management commitment, and without giving budget for mistakes, and investment for the right sets of people and technology.
DevSecOps Planning
This phase is where I study the IT Supply value chain. Take it as simply how a product feature / services is delivered to your customer. At this phase; it is where vision and high level plan is crafted where I intend to bring the company in their journey. The output here is a compelling high level DevSecOps Plan, Strategy, Vision, and definition of success that stakeholders would be willing to committ.
DevSecOps Business Case
I do DevSecOps business case development. To succeed in DevSecOps, a champion must clearly communicate the measurable objectives of DevSecOps that can be converted to dollar value and present it to executive sponsors. The goal of this stage is to secure funding and commitment from top management relative the the benefit you are to accomplish. This is also the venue where you are given a budget for mistake. That is because DevSecOps is a permanent beta constantly evolving to perfection. If you can not secure funding here both manpower, technology, and cross functional support then the organization is not ready and is likely to fail. All of these are though business case creation.
DevSecOps Projectization
DevSecOps is a journey. Each journey is a story to tell, each story has highlights and lowlights. As a DevSecOps leader and executive, I help enterprise connect the dots to make a DevSecOps success story.
DevSecOps Implementation & Operationalization
I make DevSecOps CICD pipeline. My DevSecOps transformation secret is not about buying the shiniest tool or technology. It is about building a foundation that works. My approach is to leverage on opensource technology. As enterprise matures, so is your team outgrowing the technology. DevSecOps team must earn their way up before investing expensive technology. A properly built shell script and properly imbedded to process outperforms a technology that is improperly used.
