Exclusive Trusted Magazine Q&A with Gene Gotimer, DevOps Engineer.
How could you describe your career path in a few words?
I have always loved programming, but my degree is in Naval Architecture and Marine Engineering, not Computer Science. Out of college, I worked for the U.S. Navy, testing ships and submarines. We had a lot of computers around, and we were connected to the Internet before that was normal. I started playing on the World Wide Web in its infancy (it had just added images). And that allowed me to take a higher-paying job in software development when the web took off.
From there, I worked with smart developers, which fed my desire always to be learning. I worked for a company that did Agile development and consulting. They were experienced in Agile principles and not just mindlessly following the dogma. Agile became my everyday way of working.
Soon, Agile started becoming a norm, and being an Agile consultant wasn’t such a differentiator. One day our client happened to pick up the newly-released Continuous Delivery book. Everything in the book made so much sense as the natural extension of what we’d been doing with Agile, and I’ve been learning and evangelizing DevOps and DevSecOps practices from then on.
So, I was lucky to have picked the right technologies and methodologies when they were starting, putting me in excellent spots to keep learning and growing.
How do you think DevSecOps practices have transformed companies over the past two years?
Years ago, I worked for a company that spent almost all our time explaining to businesses what e-commerce was and why they should start selling on the web. It seems so natural to us now, but it seemed like a gamble to companies in the early 2000s.
Over the next decade, as the Internet sped up business, Agile became a must-have to be successful. Agile led to DevOps, which led to DevSecOps. What was once a niche became a common goal for any company that built software. And, thanks to the Internet and the web, that is almost every company now.
In recent years, with so many success stories about moving faster and safer with smaller teams, the myth of development’s Iron Triangle has faded (fast, good, cheap- you can only pick two). Where we once had to teach organizations to pay attention to secure development practices, today they realize that just buying a good firewall and installing anti-virus software isn’t enough. Companies must evolve to be faster, better, and more secure without spending a fortune.
Like they eventually adjusted to web commerce years ago, companies are changing to adopt DevSecOps to stay competitive. It isn’t just for unicorn companies anymore.
What successful cases of DevOps transformations have you had the opportunity to observe that have particularly stood out to you?
My first DevOps project was on a U.S. Department of Defense contract. As Admiral Grace Hopper said, “The most dangerous phrase in the language is, ‘We’ve always done it this way,’” That seemed to be the DoD software motto at the time. But our team had a strong leader with vision and enough clout that we could work our way. We showed that we could bend some policies and procedures and still get the safety and assurances the government needed. We went from two risky manual deployments yearly to an automated and routine release every two weeks.
After we left and the next round of contractors came along, everything returned to the old way of doing things. It was easier and more comfortable not to fight the status quo. Soon after, everything we had built crumbled and vanished. We saw that success needed Agile and DevOps, and constant change was the right approach. The risky way was to be stagnant.
That was ten years ago. Despite the project eventually failing, I’m proud of what we did and what I learned. Our “big wins” at the time might seem laughable by today’s standards, but they put us on a path to learn and grow into DevSecOps.
Will DevSecOps practices continue to generate interest? What challenges do you see in the context of deploying these practices?
Nowadays, adopting Agile isn’t talked about much anymore. Not because Agile has gone away, but because being non-Agile isn’t a viable option. Or maybe people are doing Lean or something similar. But these practices are the way business is done. DevOps and DevSecOps are getting to that point.
Organizations aren’t worried about the risk of adopting Agile or DevOps principles. They are worried that they aren’t DevSecOps enough. They fear that the next wave of development evolution is already here, and they aren’t ready to adopt it.
The practices we use will continue to grow and change. What was cutting-edge will become commonplace and eventually fall out of favor as people learn better ways to do things. But the principles that Agile, DevOps, and DevSecOps grew out of will still be part of our industry.
In my experience, most organizations have accepted that change and growth are mandatory. DevOps pioneer Andrew Clay Shafer said, “You are either building a learning organization, or you will be losing to someone who is.” But understanding that learning is necessary and effectively investing in it are two different things. Becoming an organization that values learning and growth is the biggest hurdle for organizations. But once they can get past that, they will be able to handle virtually any change in our industry that comes their way.