DevSecOps (via Azure DevOps or GitHub)

Everything as Code

For many years already we have the possibility to maintain any manual configuration, as code. However, we still click around and call it “production” months later. I call it “technical debt”.

As people come and leave very often, there is a big chance that a manual change nobody knows about, is what keeps a company alive.

Let’s steer away from that mentality and keep your intellectual property well separated on domains of interest, secure, versioned and backed up. I can help you define a future-proof DevOps strategy, by separating artifacts that don’t belong together and making logical room for configurations-as-code.

DTAP / OTAP build

A true isolation between various environments must be as secure as your electrical wires in your home. Once they touch each other, there is a big risk of fire. For each solution that your organization runs, there should be at least a non-production environment where people can safely develop, test, optimize, learn and ultimately “accept” it.

Your Acceptance environment is the Production of tomorrow and you need to be able to control and predict the day of tomorrow. I have almost 20 years of experience in safely shipping software, fully automated, stage by stage, with rollback possibility.

Some services such as Entra ID, or the Microsoft 365 suite are indeed production only, but also there room can be made for trying things out, using automation.

There is always a possibility for automation. I strive for descriptive configuration rather than imperative, with each occasion. Don’t wait and don’t rely too much on retro-fitting.

Pipeline optimization

When is it good enough? When the ammount of effort it takes to make it perfect financially outshines the benefits. Until then, there is always room for improvements such as steering away from using platform hosted secrets or ensuring the pipeline code is easy to be reverse-engineered.

A good pipeline makes room for failures, handles them, and does not rely on multiple runs to hopefully produce the desired outcomes as initially wished for. Automation pipelines for Mission Critical workloads must simulate the changes on the target environments, require human intervention whenever needed and shall never cross-contaminate other environments.

What engineers want? Shortest time to failure observation and the possibility to resume fast on iterative changes. I can help your organization by analyzing your current workflows, design, plan, optimize, create proof-of-value, educate and coach the existing workforce to become more agile at what they do.

Shifting Security to the Left

Ever wondered what Shift-To-Left means? It has to do with introducing non-blocking security measures before your code touches even the Development environment, the outter most left abbreviation letter in DTAP.

Developers of any nature are like water, they always find the path of least resistance, cutting most of the corners, especially the ones of Security. It has to do with both the technology and the mindset of securing developer-driven innovations.

You need to stop secret leaks before your company name becomes the header of various newspapers for client data leak. As an example, a common mistake is to let a database server be accessible from the internet, unencrypted and with a connection string hardcoded somewhere in your public or private code base (or easy to deduct).

You must have a unified visibility of your DevOps security posture, minimize blind spots within a single pane of glass, and get context-driven remediation guidance for code fixes. Integrating with Defender for Cloud helps your organization prioritize critical code fixes and keeps teams focused on emerging threats by reducing security issues before they reach production environments.

I can help you implement suites of security scanning tools native to both GitHub and Azure DevOps that will perform automatic secrets and dependency scanning, and will prevent code vulnerabilities before your brand is worth nothing or it is too late for your business.

ISV-centric Build and Deploy (CI/CD)

Failure is not an option, private! You care only about the code, I care about everything else. In this fast moving world, we need to shorten the release cycles as much as possible, we need to deploy whenever we want without waiting for the maintenance window next Thursday at 10PM. Your code must be risk-mitigated prior to the deployment and your solution must benefit from the best in class quality reviews through linting, unit testing and advanced security automated checks.

Get ready to increase your productivity using modern tooling and practices, regardles of your domain or workload. Is it Data & AI, Web Application Delivery, Identity and Security, Kubernetes, Container Apps or Azure Functions? The principles are the same, the practice is custom.

Tagging for Innersourcing

Do you have time for a coffee until your pipeline fails? Is everything in one repo? Are you creating useless artifacts? Does it feel too complicated and unreadable? Do you live with the fear that one of your colleagues can make a change that will break every deployment?

If you answered “Yes” to at least one of the questions above, you need to change your DevSecOps strategy. Let me help you become ultra efficient at automating your world and introduce in your organization Tag based references for performance efficiency and parallelism.

Designing for Automatic testing

“We can only test in Production”. Then why do you pay for Acceptance? Why isn’t the code scanned and checked for dependencies? Where are the Pester tests? Do you have push protection, auto-triage and alerting mechanisms in place? The time is now - although others are light years ahead of you, many more are in total darkness.

Shed light and create organic structures and patterns, the technology is there already - all we have to do is set it in place, mindfully, together.

Enough reading, hit the contact me link right now and let’s get moving.